Fix a remote-crash bug in ICQ (and probably AIM). It happens when the
authorMark Doliner <markdoliner@pidgin.im>
Fri, 16 Oct 2009 08:36:51 +0000
changeset7dc8dfacd548 pushlog
parent 8f8d9963f92d
child 9312fb861d16
Fix a remote-crash bug in ICQ (and probably AIM). It happens when the
SIM IM client tries to send us contacts.

Fixes #10481
libpurple/protocols/oscar/oscar.c
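--- a/libpurple/protocols/oscar/oscar.c
+++ b/libpurple/protocols/oscar/oscar.c
@@ -2874,25 +2874,46 @@
 			gchar **text;
 			text = g_strsplit(args->msg, "\376", 0);
 			if (text) {
-				num = 0;
-				for (i=0; i<strlen(text[0]); i++)
-					num = num*10 + text[0][i]-48;
-				for (i=0; i<num; i++) {
-					struct name_data *data = g_new(struct name_data, 1);
-					gchar *message = g_strdup_printf(_("ICQ user %u has sent you a buddy: %s (%s)"), args->uin, text[i*2+2], text[i*2+1]);
-					data->gc = gc;
-					data->name = g_strdup(text[i*2+1]);
-					data->nick = g_strdup(text[i*2+2]);
-
-					purple_request_action(gc, NULL, message,
-										_("Do you want to add this buddy "
-										  "to your buddy list?"),
-										PURPLE_DEFAULT_ACTION_NONE,
-										purple_connection_get_account(gc), data->name, NULL,
-										data, 2,
-										_("_Add"), G_CALLBACK(purple_icq_buddyadd),
-										_("_Decline"), G_CALLBACK(oscar_free_name_data));
-					g_free(message);
+				/* Read the number of contacts that we were sent */
+				errno = 0;
+				num = strtoul(text[0], NULL, 10);
+
+				if (num > 0 && errno == 0) {
+					for (i=0; i<num; i++) {
+						struct name_data *data;
+						gchar *message;
+
+						if (!text[i*2 + 1] || !text[i*2 + 2]) {
+							/* We're missing the contact name or nickname.  Bail out. */
+							gchar *tmp = g_strescape(args->msg, NULL);
+							purple_debug_error("oscar", "Unknown syntax parsing "
+									"ICQ buddies.  args->msg=%s\n", tmp);
+							g_free(tmp);
+							break;
+						}
+
+						message = g_strdup_printf(_("ICQ user %u has sent you a buddy: %s (%s)"), args->uin, text[i*2+2], text[i*2+1]);
+
+						data = g_new(struct name_data, 1);
+						data->gc = gc;
+						data->name = g_strdup(text[i*2+1]);
+						data->nick = g_strdup(text[i*2+2]);
+
+						purple_request_action(gc, NULL, message,
+								_("Do you want to add this buddy "
+								  "to your buddy list?"),
+								PURPLE_DEFAULT_ACTION_NONE,
+								purple_connection_get_account(gc), data->name, NULL,
+								data, 2,
+								_("_Add"), G_CALLBACK(purple_icq_buddyadd),
+								_("_Decline"), G_CALLBACK(oscar_free_name_data));
+						g_free(message);
+					}
+				} else {
+					gchar *tmp = g_strescape(args->msg, NULL);
+					purple_debug_error("oscar", "Unknown syntax parsing "
+							"ICQ buddies.  args->msg=%s\n", tmp);
+					g_free(tmp);
 				}
 				g_strfreev(text);
 			}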
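Review bot: `strtoul(text[0], NULL, 10)` on the new side reads `text[0]` without checking it, and `g_strsplit()` returns an empty vector (first element NULL) when `args->msg` is the empty string, so an empty contacts message would presumably still reach a NULL read here. Guarding it on the same line, `num = text[0] ? strtoul(text[0], NULL, 10) : 0;`, sends that case to the existing error branch. Separately, `num` is still chosen by the sender and every loop iteration opens a request dialog, so a cap on the number of contacts handled per message is worth considering. The enclosing case block starts and ends outside this hunk, so the declared type of `num` and how `args->msg` is populated are not visible here.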