Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 853758 Details for
Bug 1056473
CVE-2012-6152 pidgin: DoS when decoding non-UTF-8 strings in Yahoo protocol plugin
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
Local copy of the patch
CVE-2012-6152.diff (text/plain), 36.93 KB, created by
Huzaifa S. Sidhpurwala
on 2014-01-22 09:37:43 UTC
(
hide
)
Description:
Local copy of the patch
Filename:
MIME Type:
Creator:
Huzaifa S. Sidhpurwala
Created:
2014-01-22 09:37:43 UTC
Size:
36.93 KB
patch
obsolete
>changeset: 35234:b0345c25f886 >branch: release-2.x.y >user: Mark Doliner <mark@kingant.net> >date: Sun Jan 19 11:30:49 2014 -0800 >summary: Validate incoming Yahoo strings as UTF-8 before using them. > >diff -r 956f247148db -r b0345c25f886 libpurple/protocols/yahoo/libymsg.c >--- a/libpurple/protocols/yahoo/libymsg.c Sat Jan 18 16:30:55 2014 -0800 >+++ b/libpurple/protocols/yahoo/libymsg.c Sun Jan 19 11:30:49 2014 -0800 >@@ -21,6 +21,12 @@ > * > */ > >+/* >+ * Note: When handling the list of struct yahoo_pair's from an incoming >+ * packet the value might not be UTF-8. You should either validate that >+ * it is UTF-8 using g_utf8_validate() or use yahoo_string_decode(). >+ */ >+ > #include "internal.h" > > #include "account.h" >@@ -592,14 +598,24 @@ static void yahoo_process_list_15(Purple > yd->current_list15_grp = yahoo_string_decode(gc, pair->value, FALSE); > break; > case 7: /* buddy's s/n */ >- g_free(temp); >- temp = g_strdup(purple_normalize(account, pair->value)); >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ g_free(temp); >+ temp = g_strdup(purple_normalize(account, pair->value)); >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_list_15 " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > case 241: /* user on federated network */ > fed = strtol(pair->value, NULL, 10); > break; > case 59: /* somebody told cookies come here too, but im not sure */ >- yahoo_process_cookie(yd, pair->value); >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ yahoo_process_cookie(yd, pair->value); >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_list_15 " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > case 317: /* Stealth Setting */ > stealth = strtol(pair->value, NULL, 10); >@@ -662,22 +678,42 @@ static void yahoo_process_list(PurpleCon > g_string_append(yd->tmp_serv_blist, pair->value); > break; > case 88: >- if (!yd->tmp_serv_ilist) >- yd->tmp_serv_ilist = g_string_new(pair->value); >- else >- g_string_append(yd->tmp_serv_ilist, pair->value); >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ if (!yd->tmp_serv_ilist) >+ yd->tmp_serv_ilist = g_string_new(pair->value); >+ else >+ g_string_append(yd->tmp_serv_ilist, pair->value); >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_list " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > case 89: >- yd->profiles = g_strsplit(pair->value, ",", -1); >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ yd->profiles = g_strsplit(pair->value, ",", -1); >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_list " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > case 59: /* cookies, yum */ >- yahoo_process_cookie(yd, pair->value); >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ yahoo_process_cookie(yd, pair->value); >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_list " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > case YAHOO_SERVICE_PRESENCE_PERM: >- if (!yd->tmp_serv_plist) >- yd->tmp_serv_plist = g_string_new(pair->value); >- else >- g_string_append(yd->tmp_serv_plist, pair->value); >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ if (!yd->tmp_serv_plist) >+ yd->tmp_serv_plist = g_string_new(pair->value); >+ else >+ g_string_append(yd->tmp_serv_plist, pair->value); >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_list " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > } > } >@@ -700,6 +736,12 @@ static void yahoo_process_list(PurpleCon > grp = yahoo_string_decode(gc, split[0], FALSE); > buddies = g_strsplit(split[1], ",", -1); > for (bud = buddies; bud && *bud; bud++) { >+ if (!g_utf8_validate(*bud, -1, NULL)) { >+ purple_debug_warning("yahoo", "yahoo_process_list " >+ "got non-UTF-8 string for bud\n"); >+ continue; >+ } >+ > norm_bud = g_strdup(purple_normalize(account, *bud)); > f = yahoo_friend_find_or_new(gc, norm_bud); > >@@ -794,14 +836,26 @@ static void yahoo_process_notify(PurpleC > > while (l) { > struct yahoo_pair *pair = l->data; >- if (pair->key == 4 || pair->key == 1) >- from = pair->value; >+ if (pair->key == 4 || pair->key == 1) { >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ from = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_notify " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } >+ } > if (pair->key == 49) > msg = pair->value; > if (pair->key == 13) > stat = pair->value; >- if (pair->key == 14) >- game = pair->value; >+ if (pair->key == 14) { >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ game = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_notify " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } >+ } > if (pair->key == 11) > val_11 = strtol(pair->value, NULL, 10); > if (pair->key == 241) >@@ -905,10 +959,15 @@ static void yahoo_process_sms_message(Pu > while (l != NULL) { > struct yahoo_pair *pair = l->data; > if (pair->key == 4) { >- sms = g_new0(struct _yahoo_im, 1); >- sms->from = g_strdup_printf("+%s", pair->value); >- sms->time = time(NULL); >- sms->utf8 = TRUE; >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ sms = g_new0(struct _yahoo_im, 1); >+ sms->from = g_strdup_printf("+%s", pair->value); >+ sms->time = time(NULL); >+ sms->utf8 = TRUE; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_sms_message " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > } > if (pair->key == 14) { > if (sms) >@@ -917,8 +976,14 @@ static void yahoo_process_sms_message(Pu > if (pair->key == 68) > if(sms) > g_hash_table_insert(yd->sms_carrier, g_strdup(sms->from), g_strdup(pair->value)); >- if (pair->key == 16) >- server_msg = pair->value; >+ if (pair->key == 16) { >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ server_msg = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_sms_message " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } >+ } > l = l->next; > } > >@@ -972,13 +1037,18 @@ static void yahoo_process_message(Purple > while (l != NULL) { > struct yahoo_pair *pair = l->data; > if (pair->key == 4 || pair->key == 1) { >- im = g_new0(struct _yahoo_im, 1); >- list = g_slist_append(list, im); >- im->from = pair->value; >- im->time = time(NULL); >- im->utf8 = TRUE; >- im->fed = YAHOO_FEDERATION_NONE; >- im->fed_from = g_strdup(im->from); >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ im = g_new0(struct _yahoo_im, 1); >+ list = g_slist_append(list, im); >+ im->from = pair->value; >+ im->time = time(NULL); >+ im->utf8 = TRUE; >+ im->fed = YAHOO_FEDERATION_NONE; >+ im->fed_from = g_strdup(im->from); >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_message " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > } > if (im && pair->key == 5) > im->active_id = pair->value; >@@ -1034,7 +1104,7 @@ static void yahoo_process_message(Purple > } > } > /* IMV key */ >- if (im && pair->key == 63) >+ if (im && pair->key == 63 && g_utf8_validate(pair->value, -1, NULL)) > { > /* Check for the Doodle IMV, no IMvironment for federated buddies */ > if (im->from != NULL && im->fed == YAHOO_FEDERATION_NONE) >@@ -1170,10 +1240,22 @@ static void yahoo_process_sysmessage(Pur > while (l) { > struct yahoo_pair *pair = l->data; > >- if (pair->key == 5) >- me = pair->value; >- if (pair->key == 14) >- msg = pair->value; >+ if (pair->key == 5) { >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ me = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_sysmessage " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } >+ } >+ if (pair->key == 14) { >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ msg = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_sysmessage " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } >+ } > > l = l->next; > } >@@ -1331,7 +1413,12 @@ static void yahoo_buddy_auth_req_15(Purp > > switch (pair->key) { > case 4: >- temp = pair->value; >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ temp = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_buddy_auth_req_15 " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > case 13: > response = strtol(pair->value, NULL, 10); >@@ -1386,22 +1473,42 @@ static void yahoo_buddy_auth_req_15(Purp > > switch (pair->key) { > case 4: >- temp = pair->value; >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ temp = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_buddy_auth_req_15 " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > case 5: >- add_req->id = g_strdup(pair->value); >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ add_req->id = g_strdup(pair->value); >+ } else { >+ purple_debug_warning("yahoo", "yahoo_buddy_auth_req_15 " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > case 14: > msg = pair->value; > break; > case 216: >- firstname = pair->value; >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ firstname = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_buddy_auth_req_15 " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > case 241: > add_req->fed = strtol(pair->value, NULL, 10); > break; > case 254: >- lastname = pair->value; >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ lastname = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_buddy_auth_req_15 " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > > } >@@ -1482,10 +1589,20 @@ static void yahoo_buddy_added_us(PurpleC > > switch (pair->key) { > case 1: >- add_req->id = g_strdup(pair->value); >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ add_req->id = g_strdup(pair->value); >+ } else { >+ purple_debug_warning("yahoo", "yahoo_buddy_added_us " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > case 3: >- add_req->who = g_strdup(pair->value); >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ add_req->who = g_strdup(pair->value); >+ } else { >+ purple_debug_warning("yahoo", "yahoo_buddy_added_us " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > case 15: /* time, for when they add us and we're offline */ > break; >@@ -1537,10 +1654,20 @@ static void yahoo_buddy_denied_our_add_o > > switch (pair->key) { > case 3: >- who = pair->value; >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ who = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_buddy_denied_our_add_old " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > case 14: >- msg = pair->value; >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ msg = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_buddy_denied_our_add_old " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > } > l = l->next; >@@ -1637,12 +1764,28 @@ static void yahoo_process_mail(PurpleCon > struct yahoo_pair *pair = l->data; > if (pair->key == 9) > count = strtol(pair->value, NULL, 10); >- else if (pair->key == 43) >- who = pair->value; >- else if (pair->key == 42) >- email = pair->value; >- else if (pair->key == 18) >- subj = pair->value; >+ else if (pair->key == 43) { >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ who = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_mail " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } >+ } else if (pair->key == 42) { >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ email = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_mail " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } >+ } else if (pair->key == 18) { >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ subj = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_mail " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } >+ } > l = l->next; > } > >@@ -2077,10 +2220,22 @@ static void yahoo_process_auth(PurpleCon > > while (l) { > struct yahoo_pair *pair = l->data; >- if (pair->key == 94) >- seed = pair->value; >- if (pair->key == 1) >- sn = pair->value; >+ if (pair->key == 94) { >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ seed = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_auth " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } >+ } >+ if (pair->key == 1) { >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ sn = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_auth " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } >+ } > if (pair->key == 13) > m = atoi(pair->value); > l = l->next; >@@ -2152,10 +2307,20 @@ static void yahoo_process_ignore(PurpleC > struct yahoo_pair *pair = l->data; > switch (pair->key) { > case 0: >- who = pair->value; >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ who = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_ignore " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > case 1: >- me = pair->value; >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ me = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_ignore " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > case 13: > /* 1 == ignore, 2 == unignore */ >@@ -2224,8 +2389,14 @@ static void yahoo_process_authresp(Purpl > > if (pair->key == 66) > err = strtol(pair->value, NULL, 10); >- else if (pair->key == 20) >- url = pair->value; >+ else if (pair->key == 20) { >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ url = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_authresp " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } >+ } > > l = l->next; > } >@@ -2313,7 +2484,12 @@ static void yahoo_process_addbuddy(Purpl > err = strtol(pair->value, NULL, 10); > break; > case 7: >- temp = pair->value; >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ temp = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_addbuddy " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > case 65: > group = pair->value; >@@ -2470,11 +2646,16 @@ static void yahoo_p2p_process_p2pfilexfe > > switch (pair->key) { > case 4: >- who = pair->value; >- if(strncmp(who, p2p_data->host_username, strlen(p2p_data->host_username)) != 0) { >- /* from whom are we receiving the packets ?? */ >- purple_debug_warning("yahoo","p2p: received data from wrong user\n"); >- return; >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ who = pair->value; >+ if(strncmp(who, p2p_data->host_username, strlen(p2p_data->host_username)) != 0) { >+ /* from whom are we receiving the packets ?? */ >+ purple_debug_warning("yahoo","p2p: received data from wrong user\n"); >+ return; >+ } >+ } else { >+ purple_debug_warning("yahoo", "yahoo_p2p_process_p2pfilexfer " >+ "got non-UTF-8 string for key %d\n", pair->key); > } > break; > case 13: >@@ -2863,15 +3044,25 @@ static void yahoo_process_p2p(PurpleConn > /* our identity */ > break; > case 4: >- who = pair->value; >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ who = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_p2p " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > case 1: > /* who again, the master identity this time? */ > break; > case 12: >- base64 = pair->value; >- /* so, this is an ip address. in base64. decoded it's in ascii. >- after strtol, it's in reversed byte order. Who thought this up?*/ >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ base64 = pair->value; >+ /* so, this is an ip address. in base64. decoded it's in ascii. >+ after strtol, it's in reversed byte order. Who thought this up?*/ >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_p2p " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > case 13: > val_13 = strtol(pair->value, NULL, 10); >@@ -2960,7 +3151,12 @@ static void yahoo_process_audible(Purple > > switch (pair->key) { > case 4: >- who = pair->value; >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ who = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_audible " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > case 5: > /* us */ >@@ -2968,11 +3164,21 @@ static void yahoo_process_audible(Purple > case 230: > /* the audible, in foo.locale.bar.baz format > eg: base.tw.smiley.smiley43 */ >- id = pair->value; >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ id = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_audible " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > case 231: > /* the text of the audible */ >- msg = pair->value; >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ msg = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_audible " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > case 232: > /* SHA-1 hash of audible SWF file (eg: 4e8691499d9c0fb8374478ff9720f4a9ea4a4915) */ >diff -r 956f247148db -r b0345c25f886 libpurple/protocols/yahoo/yahoo_aliases.c >--- a/libpurple/protocols/yahoo/yahoo_aliases.c Sat Jan 18 16:30:55 2014 -0800 >+++ b/libpurple/protocols/yahoo/yahoo_aliases.c Sun Jan 19 11:30:49 2014 -0800 >@@ -696,8 +696,14 @@ void yahoo_process_contact_details(Purpl > struct yahoo_pair *pair = l->data; > switch (pair->key) { > case 4: >- who = pair->value; /* This is the person who sent us the details. >- But not necessarily about himself. */ >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ /* This is the person who sent us the details. >+ But not necessarily about himself. */ >+ who = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_contact_details " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > case 5: > break; >@@ -709,8 +715,13 @@ void yahoo_process_contact_details(Purpl > and look into the xml instead to see who the information is about. */ > break; > case 280: >- xml = pair->value; >- parse_contact_details(yd, who, xml); >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ xml = pair->value; >+ parse_contact_details(yd, who, xml); >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_contact_details " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > } > } >diff -r 956f247148db -r b0345c25f886 libpurple/protocols/yahoo/yahoo_filexfer.c >--- a/libpurple/protocols/yahoo/yahoo_filexfer.c Sat Jan 18 16:30:55 2014 -0800 >+++ b/libpurple/protocols/yahoo/yahoo_filexfer.c Sun Jan 19 11:30:49 2014 -0800 >@@ -749,25 +749,60 @@ void yahoo_process_p2pfilexfer(PurpleCon > > switch(pair->key) { > case 5: /* Get who the packet is for */ >- me = pair->value; >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ me = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_p2pfilexfer " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > case 4: /* Get who the packet is from */ >- from = pair->value; >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ from = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_p2pfilexfer " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > case 49: /* Get the type of service */ >- service = pair->value; >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ service = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_p2pfilexfer " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > case 14: /* Get the 'message' of the packet */ >- message = pair->value; >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ message = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_p2pfilexfer " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > case 13: /* Get the command associated with this packet */ >- command = pair->value; >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ command = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_p2pfilexfer " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > case 63: /* IMVironment name and version */ >- imv = pair->value; >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ imv = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_p2pfilexfer " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > case 64: /* Not sure, but it does vary with initialization of Doodle */ >- unknown = pair->value; /* So, I'll keep it (for a little while atleast) */ >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ unknown = pair->value; /* So, I'll keep it (for a little while atleast) */ >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_p2pfilexfer " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > } > >@@ -813,16 +848,36 @@ void yahoo_process_filetransfer(PurpleCo > > switch (pair->key) { > case 4: >- from = pair->value; >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ from = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_filetransfer " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > case 5: >- to = pair->value; >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ to = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_filetransfer " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > case 14: >- msg = pair->value; >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ msg = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_filetransfer " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > case 20: >- url = pair->value; >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ url = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_filetransfer " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > case 38: > expires = strtol(pair->value, NULL, 10); >@@ -834,10 +889,20 @@ void yahoo_process_filetransfer(PurpleCo > filesize = atol(pair->value); > break; > case 49: >- service = pair->value; >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ service = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_filetransfer " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > case 63: >- imv = pair->value; >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ imv = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_filetransfer " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > } > } >@@ -1616,20 +1681,40 @@ void yahoo_process_filetrans_15(PurpleCo > > switch (pair->key) { > case 4: >- from = pair->value; >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ from = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_filetrans_15 " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > case 5: >- to = pair->value; >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ to = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_filetrans_15 " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > case 265: >- xfer_peer_idstring = pair->value; >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ xfer_peer_idstring = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_filetrans_15 " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > case 27: > filename_list = g_slist_prepend(filename_list, g_strdup(pair->value)); > nooffiles++; > break; > case 28: >- size_list = g_slist_prepend(size_list, g_strdup(pair->value)); >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ size_list = g_slist_prepend(size_list, g_strdup(pair->value)); >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_filetrans_15 " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > case 222: > val_222 = atol(pair->value); >@@ -1638,10 +1723,20 @@ void yahoo_process_filetrans_15(PurpleCo > > /* check for p2p and imviron .... not sure it comes by this service packet. Since it was bundled with filexfer in old ymsg version, still keeping it. */ > case 49: >- service = pair->value; >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ service = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_filetrans_15 " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > case 63: >- imv = pair->value; >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ imv = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_filetrans_15 " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > /* end check */ > >@@ -1803,7 +1898,12 @@ void yahoo_process_filetrans_info_15(Pur > to = pair->value; > break; > case 265: >- xfer_peer_idstring = pair->value; >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ xfer_peer_idstring = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_filetrans_info_15 " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > case 27: > filename = pair->value; >@@ -1816,10 +1916,20 @@ void yahoo_process_filetrans_info_15(Pur > /* 249 has value 1 or 2 when doing p2p transfer and value 3 when relaying through yahoo server */ > break; > case 250: >- url = pair->value; >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ url = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_filetrans_info_15 " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > case 251: >- xfer_idstring_for_relay = pair->value; >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ xfer_idstring_for_relay = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_filetrans_info_15 " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > } > } >@@ -1902,10 +2012,20 @@ void yahoo_process_filetrans_acc_15(Purp > > switch (pair->key) { > case 251: >- xfer_idstring_for_relay = pair->value; >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ xfer_idstring_for_relay = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_filetrans_acc_15 " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > case 265: >- xfer_peer_idstring = pair->value; >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ xfer_peer_idstring = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_filetrans_acc_15 " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > case 66: > val_66 = atol(pair->value); >@@ -1914,7 +2034,13 @@ void yahoo_process_filetrans_acc_15(Purp > val_249 = atol(pair->value); > break; > case 250: >- url = pair->value; /* we get a p2p url here when sending file, connected as client */ >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ /* we get a p2p url here when sending file, connected as client */ >+ url = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_filetrans_acc_15 " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > } > } >diff -r 956f247148db -r b0345c25f886 libpurple/protocols/yahoo/yahoo_friend.c >--- a/libpurple/protocols/yahoo/yahoo_friend.c Sat Jan 18 16:30:55 2014 -0800 >+++ b/libpurple/protocols/yahoo/yahoo_friend.c Sun Jan 19 11:30:49 2014 -0800 >@@ -158,7 +158,12 @@ void yahoo_process_presence(PurpleConnec > > switch (pair->key) { > case 7: >- temp = pair->value; >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ temp = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_presence " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > case 31: > value = strtol(pair->value, NULL, 10); >diff -r 956f247148db -r b0345c25f886 libpurple/protocols/yahoo/yahoo_picture.c >--- a/libpurple/protocols/yahoo/yahoo_picture.c Sat Jan 18 16:30:55 2014 -0800 >+++ b/libpurple/protocols/yahoo/yahoo_picture.c Sun Jan 19 11:30:49 2014 -0800 >@@ -84,10 +84,20 @@ void yahoo_process_picture(PurpleConnect > switch (pair->key) { > case 1: > case 4: >- who = pair->value; >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ who = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_picture " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > case 5: >- us = pair->value; >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ us = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_picture " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > case 13: { > int tmp; >@@ -100,7 +110,12 @@ void yahoo_process_picture(PurpleConnect > break; > } > case 20: >- url = pair->value; >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ url = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_picture " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > case 192: > checksum = strtol(pair->value, NULL, 10); >@@ -154,7 +169,12 @@ void yahoo_process_picture_checksum(Purp > > switch (pair->key) { > case 4: >- who = pair->value; >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ who = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_picture_checksum " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > case 5: > /* us */ >@@ -197,7 +217,12 @@ void yahoo_process_picture_upload(Purple > /* filename on our computer. */ > break; > case 20: /* url at yahoo */ >- url = pair->value; >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ url = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_picture_upload " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > case 38: /* timestamp */ > break; > } >@@ -225,7 +250,12 @@ void yahoo_process_avatar_update(PurpleC > > switch (pair->key) { > case 4: >- who = pair->value; >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ who = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_avatar_upload " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > case 5: > /* us */ >diff -r 956f247148db -r b0345c25f886 libpurple/protocols/yahoo/yahoochat.c >--- a/libpurple/protocols/yahoo/yahoochat.c Sat Jan 18 16:30:55 2014 -0800 >+++ b/libpurple/protocols/yahoo/yahoochat.c Sun Jan 19 11:30:49 2014 -0800 >@@ -156,15 +156,25 @@ void yahoo_process_conference_invite(Pur > room = yahoo_string_decode(gc, pair->value, FALSE); > break; > case 50: /* inviter */ >- who = pair->value; >- g_string_append_printf(members, "%s\n", who); >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ who = pair->value; >+ g_string_append_printf(members, "%s\n", who); >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_conference_invite " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > case 51: /* This user is being invited to the conference. Comes with status = 11, so we wont reach here */ > break; > case 52: /* Invited users. Assuming us invited, since we got this packet */ > break; /* break needed, or else we add the users to the conference before they accept the invitation */ > case 53: /* members who have already joined the conference */ >- g_string_append_printf(members, "%s\n", pair->value); >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ g_string_append_printf(members, "%s\n", pair->value); >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_conference_invite " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > case 58: > g_free(msg); >@@ -220,7 +230,12 @@ void yahoo_process_conference_decline(Pu > room = yahoo_string_decode(gc, pair->value, FALSE); > break; > case 54: >- who = pair->value; >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ who = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_conference_decline " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > case 14: > g_free(msg); >@@ -277,7 +292,12 @@ void yahoo_process_conference_logon(Purp > room = yahoo_string_decode(gc, pair->value, FALSE); > break; > case 53: >- who = pair->value; >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ who = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_conference_logon " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > } > } >@@ -309,7 +329,12 @@ void yahoo_process_conference_logoff(Pur > room = yahoo_string_decode(gc, pair->value, FALSE); > break; > case 56: >- who = pair->value; >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ who = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_conference_logoff " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > } > } >@@ -340,7 +365,12 @@ void yahoo_process_conference_message(Pu > room = yahoo_string_decode(gc, pair->value, FALSE); > break; > case 3: >- who = pair->value; >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ who = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_conference_message " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > case 14: > msg = pair->value; >@@ -506,18 +536,38 @@ void yahoo_process_chat_join(PurpleConne > topic = yahoo_string_decode(gc, pair->value, TRUE); > break; > case 128: >- someid = pair->value; >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ someid = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_chat_join " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > case 108: /* number of joiners */ > break; > case 129: >- someotherid = pair->value; >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ someotherid = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_chat_join " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > case 130: >- somebase64orhashosomething = pair->value; >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ somebase64orhashosomething = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_chat_join " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > case 126: >- somenegativenumber = pair->value; >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ somenegativenumber = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_chat_join " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > case 13: /* this is 1. maybe its the type of room? (normal, user created, private, etc?) */ > break; >@@ -528,7 +578,12 @@ void yahoo_process_chat_join(PurpleConne > info about individual room members, (including us) */ > > case 109: /* the yahoo id */ >- members = g_list_append(members, pair->value); >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ members = g_list_append(members, pair->value); >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_chat_join " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > case 110: /* age */ > break; >@@ -625,8 +680,14 @@ void yahoo_process_chat_exit(PurpleConne > g_free(room); > room = yahoo_string_decode(gc, pair->value, TRUE); > } >- if (pair->key == 109) >- who = pair->value; >+ if (pair->key == 109) { >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ who = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_chat_exit " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } >+ } > } > > if (who && room) { >@@ -658,10 +719,20 @@ void yahoo_process_chat_message(PurpleCo > room = yahoo_string_decode(gc, pair->value, TRUE); > break; > case 109: >- who = pair->value; >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ who = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_chat_message " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > case 117: >- msg = pair->value; >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ msg = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_chat_message " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > case 124: > msgtype = strtol(pair->value, NULL, 10); >@@ -724,7 +795,12 @@ void yahoo_process_chat_addinvite(Purple > msg = yahoo_string_decode(gc, pair->value, FALSE); > break; > case 119: >- who = pair->value; >+ if (g_utf8_validate(pair->value, -1, NULL)) { >+ who = pair->value; >+ } else { >+ purple_debug_warning("yahoo", "yahoo_process_chat_addinvite " >+ "got non-UTF-8 string for key %d\n", pair->key); >+ } > break; > case 118: /* us */ > break; >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=853758">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 1056473
: 853758