Fix a possible MSN remote crash release-2.x.y
authorMark Doliner <markdoliner@pidgin.im>
Mon, 07 May 2012 03:18:08 +0000
branchrelease-2.x.y
changeset4d6bcb4f4ea4 pushlog
parent 5f9d676cefdb
child 1d00b9e4aa6a
Fix a possible MSN remote crash

Incoming messages with certain characters or character encodings
can cause clients to crash. The fix is for the contents of all
incoming plaintext messages to be converted to UTF-8 and validated
before use.

This was reported to us by Fabian Yamaguchi and this patch was written
by Elliott Sales de Andrade (maybe with small, insignificant changes by me)
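--- a/libpurple/protocols/msn/msg.c
+++ b/libpurple/protocols/msn/msg.c
@@ -257,13 +257,47 @@
 		msg->body[msg->body_len] = '\0';
 	}
 
-	if ((!content_type || !strcmp(content_type, "text/plain"))
-			&& msg->charset == NULL) {
-		char *body = g_convert(msg->body, msg->body_len, "UTF-8",
-				"ISO-8859-1", NULL, &msg->body_len, NULL);
-		g_free(msg->body);
-		msg->body = body;
-		msg->charset = g_strdup("UTF-8");
+	if (msg->body && content_type && purple_str_has_prefix(content_type, "text/")) {
+		char *body = NULL;
+
+		if (msg->charset == NULL || g_str_equal(msg->charset, "UTF-8")) {
+			/* Charset is UTF-8 */
+			if (!g_utf8_validate(msg->body, msg->body_len, NULL)) {
+				purple_debug_warning("msn", "Message contains invalid "
+						"UTF-8. Attempting to salvage.\n");
+				body = purple_utf8_salvage(msg->body);
+				payload_len = strlen(body);
+			}
+		} else {
+			/* Charset is something other than UTF-8 */
+			GError *err = NULL;
+			body = g_convert(msg->body, msg->body_len, "UTF-8",
+					msg->charset, NULL, &payload_len, &err);
+			if (!body || err) {
+				purple_debug_warning("msn", "Unable to convert message from "
+						"%s to UTF-8: %s\n", msg->charset,
+						err ? err->message : "Unknown error");
+				if (err)
+					g_error_free(err);
+
+				/* Fallback to ISO-8859-1 */
+				g_free(body);
+				body = g_convert(msg->body, msg->body_len, "UTF-8",
+						"ISO-8859-1", NULL, &payload_len, NULL);
+				if (!body) {
+					g_free(msg->body);
+					msg->body = NULL;
+					msg->body_len = 0;
+				}
+			}
+		}
+
+		if (body) {
+			g_free(msg->body);
+			msg->body = body;
+			msg->body_len = payload_len;
+			msn_message_set_charset(msg, "UTF-8");
+		}
 	}
 
 	g_free(tmp_base);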
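Review bot: The new guard `if (msg->body && content_type && purple_str_has_prefix(content_type, "text/"))` no longer covers a message that arrives with no Content-Type header, which the removed condition (`!content_type || ...`) treated as plain text, so such a body leaves this block neither converted nor validated. If any consumer outside this hunk can still render a body that had no Content-Type, the condition should keep that case, for example `if (msg->body && (!content_type || purple_str_has_prefix(content_type, "text/"))) {`. Separately, `g_str_equal(msg->charset, "UTF-8")` is case-sensitive, so a charset spelled `utf-8` takes the `g_convert` branch and, on invalid input, ends in the ISO-8859-1 fallback rather than `purple_utf8_salvage`; a short comment saying whether that is intended would help the next reader. The enclosing function starts and ends outside the hunk, so the declaration of `payload_len` and the later uses of `msg->body` cannot be checked from here.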