Fix a remote-crash bug in ICQ (and probably AIM). It happens when the
SIM IM client tries to send us contacts.
Fixes #10481
1.1 --- a/libpurple/protocols/oscar/oscar.c
1.2 +++ b/libpurple/protocols/oscar/oscar.c
1.3 @@ -2874,25 +2874,46 @@
1.4 gchar **text;
1.5 text = g_strsplit(args->msg, "\376", 0);
1.6 if (text) {
1.7 - num = 0;
1.8 - for (i=0; i<strlen(text[0]); i++)
1.9 - num = num*10 + text[0][i]-48;
1.10 - for (i=0; i<num; i++) {
1.11 - struct name_data *data = g_new(struct name_data, 1);
1.12 - gchar *message = g_strdup_printf(_("ICQ user %u has sent you a buddy: %s (%s)"), args->uin, text[i*2+2], text[i*2+1]);
1.13 - data->gc = gc;
1.14 - data->name = g_strdup(text[i*2+1]);
1.15 - data->nick = g_strdup(text[i*2+2]);
1.16 -
1.17 - purple_request_action(gc, NULL, message,
1.18 - _("Do you want to add this buddy "
1.19 - "to your buddy list?"),
1.20 - PURPLE_DEFAULT_ACTION_NONE,
1.21 - purple_connection_get_account(gc), data->name, NULL,
1.22 - data, 2,
1.23 - _("_Add"), G_CALLBACK(purple_icq_buddyadd),
1.24 - _("_Decline"), G_CALLBACK(oscar_free_name_data));
1.25 - g_free(message);
1.26 + /* Read the number of contacts that we were sent */
1.27 + errno = 0;
1.28 + num = strtoul(text[0], NULL, 10);
1.29 +
1.30 + if (num > 0 && errno == 0) {
1.31 + for (i=0; i<num; i++) {
1.32 + struct name_data *data;
1.33 + gchar *message;
1.34 +
1.35 + if (!text[i*2 + 1] || !text[i*2 + 2]) {
1.36 + /* We're missing the contact name or nickname. Bail out. */
1.37 + gchar *tmp = g_strescape(args->msg, NULL);
1.38 + purple_debug_error("oscar", "Unknown syntax parsing "
1.39 + "ICQ buddies. args->msg=%s\n", tmp);
1.40 + g_free(tmp);
1.41 + break;
1.42 + }
1.43 +
1.44 + message = g_strdup_printf(_("ICQ user %u has sent you a buddy: %s (%s)"), args->uin, text[i*2+2], text[i*2+1]);
1.45 +
1.46 + data = g_new(struct name_data, 1);
1.47 + data->gc = gc;
1.48 + data->name = g_strdup(text[i*2+1]);
1.49 + data->nick = g_strdup(text[i*2+2]);
1.50 +
1.51 + purple_request_action(gc, NULL, message,
1.52 + _("Do you want to add this buddy "
1.53 + "to your buddy list?"),
1.54 + PURPLE_DEFAULT_ACTION_NONE,
1.55 + purple_connection_get_account(gc), data->name, NULL,
1.56 + data, 2,
1.57 + _("_Add"), G_CALLBACK(purple_icq_buddyadd),
1.58 + _("_Decline"), G_CALLBACK(oscar_free_name_data));
1.59 + g_free(message);
1.60 + }
1.61 + } else {
1.62 + gchar *tmp = g_strescape(args->msg, NULL);
1.63 + purple_debug_error("oscar", "Unknown syntax parsing "
1.64 + "ICQ buddies. args->msg=%s\n", tmp);
1.65 + g_free(tmp);
1.66 }
1.67 g_strfreev(text);
1.68 }