msn: Fix fault handling NUL-pointer derefs release-2.x.y
authorDaniel Atallah <datallah@pidgin.im>
Sat, 16 Mar 2013 14:17:45 -0400
branchrelease-2.x.y
changeset68d6df7dc69c pushlog
parent ef836278304b
child cd529e1158d3
msn: Fix fault handling NUL-pointer derefs
libpurple/protocols/msn/oim.c
libpurple/protocols/msn/soap.c
      1.1 --- a/libpurple/protocols/msn/oim.c
      1.2 +++ b/libpurple/protocols/msn/oim.c
      1.3 @@ -362,11 +362,12 @@
      1.4  			if (faultcode) {
      1.5  				char *faultcode_str = xmlnode_get_data(faultcode);
      1.6  
      1.7 -				if (g_str_equal(faultcode_str, "q0:AuthenticationFailed")) {
      1.8 +				if (faultcode_str && g_str_equal(faultcode_str, "q0:AuthenticationFailed")) {
      1.9  					xmlnode *challengeNode = xmlnode_get_child(faultNode,
     1.10  						"detail/LockKeyChallenge");
     1.11 +					char *challenge = NULL;
     1.12  
     1.13 -					if (challengeNode == NULL) {
     1.14 +					if (challengeNode == NULL || (challenge = xmlnode_get_data(challengeNode)) == NULL) {
     1.15  						if (oim->challenge) {
     1.16  							g_free(oim->challenge);
     1.17  							oim->challenge = NULL;
     1.18 @@ -384,7 +385,6 @@
     1.19  					} else {
     1.20  						char buf[33];
     1.21  
     1.22 -						char *challenge = xmlnode_get_data(challengeNode);
     1.23  						msn_handle_chl(challenge, buf);
     1.24  
     1.25  						g_free(oim->challenge);
     1.26 @@ -400,22 +400,23 @@
     1.27  					}
     1.28  				} else {
     1.29  					/* Report the error */
     1.30 -					const char *str_reason;
     1.31 +					const char *str_reason = NULL;
     1.32  
     1.33 -					if (g_str_equal(faultcode_str, "q0:SystemUnavailable")) {
     1.34 -						str_reason = _("Message was not sent because the system is "
     1.35 -						               "unavailable. This normally happens when the "
     1.36 -						               "user is blocked or does not exist.");
     1.37 +					if (faultcode_str) {
     1.38 +						if (g_str_equal(faultcode_str, "q0:SystemUnavailable")) {
     1.39 +							str_reason = _("Message was not sent because the system is "
     1.40 +							               "unavailable. This normally happens when the "
     1.41 +							               "user is blocked or does not exist.");
     1.42 +						} else if (g_str_equal(faultcode_str, "q0:SenderThrottleLimitExceeded")) {
     1.43 +							str_reason = _("Message was not sent because messages "
     1.44 +							               "are being sent too quickly.");
     1.45 +						} else if (g_str_equal(faultcode_str, "q0:InvalidContent")) {
     1.46 +							str_reason = _("Message was not sent because an unknown "
     1.47 +							               "encoding error occurred.");
     1.48 +						}
     1.49 +					}
     1.50  
     1.51 -					} else if (g_str_equal(faultcode_str, "q0:SenderThrottleLimitExceeded")) {
     1.52 -						str_reason = _("Message was not sent because messages "
     1.53 -						               "are being sent too quickly.");
     1.54 -
     1.55 -					} else if (g_str_equal(faultcode_str, "q0:InvalidContent")) {
     1.56 -						str_reason = _("Message was not sent because an unknown "
     1.57 -						               "encoding error occurred.");
     1.58 -
     1.59 -					} else {
     1.60 +					if (str_reason == NULL) {
     1.61  						str_reason = _("Message was not sent because an unknown "
     1.62  						               "error occurred.");
     1.63  					}
      2.1 --- a/libpurple/protocols/msn/soap.c
      2.2 +++ b/libpurple/protocols/msn/soap.c
      2.3 @@ -304,21 +304,25 @@
      2.4  		if (faultcode != NULL) {
      2.5  			char *faultdata = xmlnode_get_data(faultcode);
      2.6  
      2.7 -			if (g_str_equal(faultdata, "psf:Redirect")) {
      2.8 +			if (faultdata && g_str_equal(faultdata, "psf:Redirect")) {
      2.9  				xmlnode *url = xmlnode_get_child(fault, "redirectUrl");
     2.10  
     2.11  				if (url) {
     2.12  					char *urldata = xmlnode_get_data(url);
     2.13 -					msn_soap_handle_redirect(conn, urldata);
     2.14 +					if (urldata)
     2.15 +						msn_soap_handle_redirect(conn, urldata);
     2.16  					g_free(urldata);
     2.17  				}
     2.18  
     2.19  				g_free(faultdata);
     2.20  				msn_soap_message_destroy(response);
     2.21  				return TRUE;
     2.22 -			} else if (g_str_equal(faultdata, "wsse:FailedAuthentication")) {
     2.23 +			} else if (faultdata && g_str_equal(faultdata, "wsse:FailedAuthentication")) {
     2.24  				xmlnode *reason = xmlnode_get_child(fault, "faultstring");
     2.25 -				char *reasondata = xmlnode_get_data(reason);
     2.26 +				char *reasondata = NULL;
     2.27 +
     2.28 +				if (reason)
     2.29 +					reasondata = xmlnode_get_data(reason);
     2.30  
     2.31  				msn_soap_connection_sanitize(conn, TRUE);
     2.32  				msn_session_set_error(conn->session, MSN_ERROR_AUTH,