Validate incoming Yahoo strings as UTF-8 before using them. release-2.x.y
authorMark Doliner <mark@kingant.net>
Sun, 19 Jan 2014 11:30:49 -0800
branchrelease-2.x.y
changesetb0345c25f886 pushlog
parent 956f247148db
child 7b080f86fcbc
Validate incoming Yahoo strings as UTF-8 before using them.
libpurple/protocols/yahoo/libymsg.c
libpurple/protocols/yahoo/yahoo_aliases.c
libpurple/protocols/yahoo/yahoo_filexfer.c
libpurple/protocols/yahoo/yahoo_friend.c
libpurple/protocols/yahoo/yahoo_picture.c
libpurple/protocols/yahoo/yahoochat.c
     1.1 --- a/libpurple/protocols/yahoo/libymsg.c
     1.2 +++ b/libpurple/protocols/yahoo/libymsg.c
     1.3 @@ -21,6 +21,12 @@
     1.4   *
     1.5   */
     1.6  
     1.7 +/*
     1.8 + * Note: When handling the list of struct yahoo_pair's from an incoming
     1.9 + * packet the value might not be UTF-8. You should either validate that
    1.10 + * it is UTF-8 using g_utf8_validate() or use yahoo_string_decode().
    1.11 + */
    1.12 +
    1.13  #include "internal.h"
    1.14  
    1.15  #include "account.h"
    1.16 @@ -592,14 +598,24 @@
    1.17  			yd->current_list15_grp = yahoo_string_decode(gc, pair->value, FALSE);
    1.18  			break;
    1.19  		case 7: /* buddy's s/n */
    1.20 -			g_free(temp);
    1.21 -			temp = g_strdup(purple_normalize(account, pair->value));
    1.22 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    1.23 +				g_free(temp);
    1.24 +				temp = g_strdup(purple_normalize(account, pair->value));
    1.25 +			} else {
    1.26 +				purple_debug_warning("yahoo", "yahoo_process_list_15 "
    1.27 +						"got non-UTF-8 string for key %d\n", pair->key);
    1.28 +			}
    1.29  			break;
    1.30  		case 241: /* user on federated network */
    1.31  			fed = strtol(pair->value, NULL, 10);
    1.32  			break;
    1.33  		case 59: /* somebody told cookies come here too, but im not sure */
    1.34 -			yahoo_process_cookie(yd, pair->value);
    1.35 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    1.36 +				yahoo_process_cookie(yd, pair->value);
    1.37 +			} else {
    1.38 +				purple_debug_warning("yahoo", "yahoo_process_list_15 "
    1.39 +						"got non-UTF-8 string for key %d\n", pair->key);
    1.40 +			}
    1.41  			break;
    1.42  		case 317: /* Stealth Setting */
    1.43  			stealth = strtol(pair->value, NULL, 10);
    1.44 @@ -662,22 +678,42 @@
    1.45  				g_string_append(yd->tmp_serv_blist, pair->value);
    1.46  			break;
    1.47  		case 88:
    1.48 -			if (!yd->tmp_serv_ilist)
    1.49 -				yd->tmp_serv_ilist = g_string_new(pair->value);
    1.50 -			else
    1.51 -				g_string_append(yd->tmp_serv_ilist, pair->value);
    1.52 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    1.53 +				if (!yd->tmp_serv_ilist)
    1.54 +					yd->tmp_serv_ilist = g_string_new(pair->value);
    1.55 +				else
    1.56 +					g_string_append(yd->tmp_serv_ilist, pair->value);
    1.57 +			} else {
    1.58 +				purple_debug_warning("yahoo", "yahoo_process_list "
    1.59 +						"got non-UTF-8 string for key %d\n", pair->key);
    1.60 +			}
    1.61  			break;
    1.62  		case 89:
    1.63 -			yd->profiles = g_strsplit(pair->value, ",", -1);
    1.64 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    1.65 +				yd->profiles = g_strsplit(pair->value, ",", -1);
    1.66 +			} else {
    1.67 +				purple_debug_warning("yahoo", "yahoo_process_list "
    1.68 +						"got non-UTF-8 string for key %d\n", pair->key);
    1.69 +			}
    1.70  			break;
    1.71  		case 59: /* cookies, yum */
    1.72 -			yahoo_process_cookie(yd, pair->value);
    1.73 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    1.74 +				yahoo_process_cookie(yd, pair->value);
    1.75 +			} else {
    1.76 +				purple_debug_warning("yahoo", "yahoo_process_list "
    1.77 +						"got non-UTF-8 string for key %d\n", pair->key);
    1.78 +			}
    1.79  			break;
    1.80  		case YAHOO_SERVICE_PRESENCE_PERM:
    1.81 -			if (!yd->tmp_serv_plist)
    1.82 -				yd->tmp_serv_plist = g_string_new(pair->value);
    1.83 -			else
    1.84 -				g_string_append(yd->tmp_serv_plist, pair->value);
    1.85 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    1.86 +				if (!yd->tmp_serv_plist)
    1.87 +					yd->tmp_serv_plist = g_string_new(pair->value);
    1.88 +				else
    1.89 +					g_string_append(yd->tmp_serv_plist, pair->value);
    1.90 +			} else {
    1.91 +				purple_debug_warning("yahoo", "yahoo_process_list "
    1.92 +						"got non-UTF-8 string for key %d\n", pair->key);
    1.93 +			}
    1.94  			break;
    1.95  		}
    1.96  	}
    1.97 @@ -700,6 +736,12 @@
    1.98  			grp = yahoo_string_decode(gc, split[0], FALSE);
    1.99  			buddies = g_strsplit(split[1], ",", -1);
   1.100  			for (bud = buddies; bud && *bud; bud++) {
   1.101 +				if (!g_utf8_validate(*bud, -1, NULL)) {
   1.102 +					purple_debug_warning("yahoo", "yahoo_process_list "
   1.103 +							"got non-UTF-8 string for bud\n");
   1.104 +					continue;
   1.105 +				}
   1.106 +
   1.107  				norm_bud = g_strdup(purple_normalize(account, *bud));
   1.108  				f = yahoo_friend_find_or_new(gc, norm_bud);
   1.109  
   1.110 @@ -794,14 +836,26 @@
   1.111  
   1.112  	while (l) {
   1.113  		struct yahoo_pair *pair = l->data;
   1.114 -		if (pair->key == 4 || pair->key == 1)
   1.115 -			from = pair->value;
   1.116 +		if (pair->key == 4 || pair->key == 1) {
   1.117 +			if (g_utf8_validate(pair->value, -1, NULL)) {
   1.118 +				from = pair->value;
   1.119 +			} else {
   1.120 +				purple_debug_warning("yahoo", "yahoo_process_notify "
   1.121 +						"got non-UTF-8 string for key %d\n", pair->key);
   1.122 +			}
   1.123 +		}
   1.124  		if (pair->key == 49)
   1.125  			msg = pair->value;
   1.126  		if (pair->key == 13)
   1.127  			stat = pair->value;
   1.128 -		if (pair->key == 14)
   1.129 -			game = pair->value;
   1.130 +		if (pair->key == 14) {
   1.131 +			if (g_utf8_validate(pair->value, -1, NULL)) {
   1.132 +				game = pair->value;
   1.133 +			} else {
   1.134 +				purple_debug_warning("yahoo", "yahoo_process_notify "
   1.135 +						"got non-UTF-8 string for key %d\n", pair->key);
   1.136 +			}
   1.137 +		}
   1.138  		if (pair->key == 11)
   1.139  			val_11 = strtol(pair->value, NULL, 10);
   1.140  		if (pair->key == 241)
   1.141 @@ -905,10 +959,15 @@
   1.142  	while (l != NULL) {
   1.143  		struct yahoo_pair *pair = l->data;
   1.144  		if (pair->key == 4) {
   1.145 -			sms = g_new0(struct _yahoo_im, 1);
   1.146 -			sms->from = g_strdup_printf("+%s", pair->value);
   1.147 -			sms->time = time(NULL);
   1.148 -			sms->utf8 = TRUE;
   1.149 +			if (g_utf8_validate(pair->value, -1, NULL)) {
   1.150 +				sms = g_new0(struct _yahoo_im, 1);
   1.151 +				sms->from = g_strdup_printf("+%s", pair->value);
   1.152 +				sms->time = time(NULL);
   1.153 +				sms->utf8 = TRUE;
   1.154 +			} else {
   1.155 +				purple_debug_warning("yahoo", "yahoo_process_sms_message "
   1.156 +						"got non-UTF-8 string for key %d\n", pair->key);
   1.157 +			}
   1.158  		}
   1.159  		if (pair->key == 14) {
   1.160  			if (sms)
   1.161 @@ -917,8 +976,14 @@
   1.162  		if (pair->key == 68)
   1.163  			if(sms)
   1.164  				g_hash_table_insert(yd->sms_carrier, g_strdup(sms->from), g_strdup(pair->value));
   1.165 -		if (pair->key == 16)
   1.166 -			server_msg = pair->value;
   1.167 +		if (pair->key == 16) {
   1.168 +			if (g_utf8_validate(pair->value, -1, NULL)) {
   1.169 +				server_msg = pair->value;
   1.170 +			} else {
   1.171 +				purple_debug_warning("yahoo", "yahoo_process_sms_message "
   1.172 +						"got non-UTF-8 string for key %d\n", pair->key);
   1.173 +			}
   1.174 +		}
   1.175  		l = l->next;
   1.176  	}
   1.177  
   1.178 @@ -972,13 +1037,18 @@
   1.179  		while (l != NULL) {
   1.180  			struct yahoo_pair *pair = l->data;
   1.181  			if (pair->key == 4 || pair->key == 1) {
   1.182 -				im = g_new0(struct _yahoo_im, 1);
   1.183 -				list = g_slist_append(list, im);
   1.184 -				im->from = pair->value;
   1.185 -				im->time = time(NULL);
   1.186 -				im->utf8 = TRUE;
   1.187 -				im->fed = YAHOO_FEDERATION_NONE;
   1.188 -				im->fed_from = g_strdup(im->from);
   1.189 +				if (g_utf8_validate(pair->value, -1, NULL)) {
   1.190 +					im = g_new0(struct _yahoo_im, 1);
   1.191 +					list = g_slist_append(list, im);
   1.192 +					im->from = pair->value;
   1.193 +					im->time = time(NULL);
   1.194 +					im->utf8 = TRUE;
   1.195 +					im->fed = YAHOO_FEDERATION_NONE;
   1.196 +					im->fed_from = g_strdup(im->from);
   1.197 +				} else {
   1.198 +					purple_debug_warning("yahoo", "yahoo_process_message "
   1.199 +							"got non-UTF-8 string for key %d\n", pair->key);
   1.200 +				}
   1.201  			}
   1.202  			if (im && pair->key == 5)
   1.203  				im->active_id = pair->value;
   1.204 @@ -1034,7 +1104,7 @@
   1.205  				}
   1.206  			}
   1.207  			/* IMV key */
   1.208 -			if (im && pair->key == 63)
   1.209 +			if (im && pair->key == 63 && g_utf8_validate(pair->value, -1, NULL))
   1.210  			{
   1.211  				/* Check for the Doodle IMV, no IMvironment for federated buddies */
   1.212  				if (im->from != NULL && im->fed == YAHOO_FEDERATION_NONE)
   1.213 @@ -1170,10 +1240,22 @@
   1.214  	while (l) {
   1.215  		struct yahoo_pair *pair = l->data;
   1.216  
   1.217 -		if (pair->key == 5)
   1.218 -			me = pair->value;
   1.219 -		if (pair->key == 14)
   1.220 -			msg = pair->value;
   1.221 +		if (pair->key == 5) {
   1.222 +			if (g_utf8_validate(pair->value, -1, NULL)) {
   1.223 +				me = pair->value;
   1.224 +			} else {
   1.225 +				purple_debug_warning("yahoo", "yahoo_process_sysmessage "
   1.226 +						"got non-UTF-8 string for key %d\n", pair->key);
   1.227 +			}
   1.228 +		}
   1.229 +		if (pair->key == 14) {
   1.230 +			if (g_utf8_validate(pair->value, -1, NULL)) {
   1.231 +				msg = pair->value;
   1.232 +			} else {
   1.233 +				purple_debug_warning("yahoo", "yahoo_process_sysmessage "
   1.234 +						"got non-UTF-8 string for key %d\n", pair->key);
   1.235 +			}
   1.236 +		}
   1.237  
   1.238  		l = l->next;
   1.239  	}
   1.240 @@ -1331,7 +1413,12 @@
   1.241  
   1.242  			switch (pair->key) {
   1.243  			case 4:
   1.244 -				temp = pair->value;
   1.245 +				if (g_utf8_validate(pair->value, -1, NULL)) {
   1.246 +					temp = pair->value;
   1.247 +				} else {
   1.248 +					purple_debug_warning("yahoo", "yahoo_buddy_auth_req_15 "
   1.249 +							"got non-UTF-8 string for key %d\n", pair->key);
   1.250 +				}
   1.251  				break;
   1.252  			case 13:
   1.253  				response = strtol(pair->value, NULL, 10);
   1.254 @@ -1386,22 +1473,42 @@
   1.255  
   1.256  			switch (pair->key) {
   1.257  			case 4:
   1.258 -				temp = pair->value;
   1.259 +				if (g_utf8_validate(pair->value, -1, NULL)) {
   1.260 +					temp = pair->value;
   1.261 +				} else {
   1.262 +					purple_debug_warning("yahoo", "yahoo_buddy_auth_req_15 "
   1.263 +							"got non-UTF-8 string for key %d\n", pair->key);
   1.264 +				}
   1.265  				break;
   1.266  			case 5:
   1.267 -				add_req->id = g_strdup(pair->value);
   1.268 +				if (g_utf8_validate(pair->value, -1, NULL)) {
   1.269 +					add_req->id = g_strdup(pair->value);
   1.270 +				} else {
   1.271 +					purple_debug_warning("yahoo", "yahoo_buddy_auth_req_15 "
   1.272 +							"got non-UTF-8 string for key %d\n", pair->key);
   1.273 +				}
   1.274  				break;
   1.275  			case 14:
   1.276  				msg = pair->value;
   1.277  				break;
   1.278  			case 216:
   1.279 -				firstname = pair->value;
   1.280 +				if (g_utf8_validate(pair->value, -1, NULL)) {
   1.281 +					firstname = pair->value;
   1.282 +				} else {
   1.283 +					purple_debug_warning("yahoo", "yahoo_buddy_auth_req_15 "
   1.284 +							"got non-UTF-8 string for key %d\n", pair->key);
   1.285 +				}
   1.286  				break;
   1.287  			case 241:
   1.288  				add_req->fed = strtol(pair->value, NULL, 10);
   1.289  				break;
   1.290  			case 254:
   1.291 -				lastname = pair->value;
   1.292 +				if (g_utf8_validate(pair->value, -1, NULL)) {
   1.293 +					lastname = pair->value;
   1.294 +				} else {
   1.295 +					purple_debug_warning("yahoo", "yahoo_buddy_auth_req_15 "
   1.296 +							"got non-UTF-8 string for key %d\n", pair->key);
   1.297 +				}
   1.298  				break;
   1.299  
   1.300  			}
   1.301 @@ -1482,10 +1589,20 @@
   1.302  
   1.303  		switch (pair->key) {
   1.304  		case 1:
   1.305 -			add_req->id = g_strdup(pair->value);
   1.306 +			if (g_utf8_validate(pair->value, -1, NULL)) {
   1.307 +				add_req->id = g_strdup(pair->value);
   1.308 +			} else {
   1.309 +					purple_debug_warning("yahoo", "yahoo_buddy_added_us "
   1.310 +							"got non-UTF-8 string for key %d\n", pair->key);
   1.311 +			}
   1.312  			break;
   1.313  		case 3:
   1.314 -			add_req->who = g_strdup(pair->value);
   1.315 +			if (g_utf8_validate(pair->value, -1, NULL)) {
   1.316 +				add_req->who = g_strdup(pair->value);
   1.317 +			} else {
   1.318 +					purple_debug_warning("yahoo", "yahoo_buddy_added_us "
   1.319 +							"got non-UTF-8 string for key %d\n", pair->key);
   1.320 +			}
   1.321  			break;
   1.322  		case 15: /* time, for when they add us and we're offline */
   1.323  			break;
   1.324 @@ -1537,10 +1654,20 @@
   1.325  
   1.326  		switch (pair->key) {
   1.327  		case 3:
   1.328 -			who = pair->value;
   1.329 +			if (g_utf8_validate(pair->value, -1, NULL)) {
   1.330 +				who = pair->value;
   1.331 +			} else {
   1.332 +				purple_debug_warning("yahoo", "yahoo_buddy_denied_our_add_old "
   1.333 +						"got non-UTF-8 string for key %d\n", pair->key);
   1.334 +			}
   1.335  			break;
   1.336  		case 14:
   1.337 -			msg = pair->value;
   1.338 +			if (g_utf8_validate(pair->value, -1, NULL)) {
   1.339 +				msg = pair->value;
   1.340 +			} else {
   1.341 +				purple_debug_warning("yahoo", "yahoo_buddy_denied_our_add_old "
   1.342 +						"got non-UTF-8 string for key %d\n", pair->key);
   1.343 +			}
   1.344  			break;
   1.345  		}
   1.346  		l = l->next;
   1.347 @@ -1637,12 +1764,28 @@
   1.348  		struct yahoo_pair *pair = l->data;
   1.349  		if (pair->key == 9)
   1.350  			count = strtol(pair->value, NULL, 10);
   1.351 -		else if (pair->key == 43)
   1.352 -			who = pair->value;
   1.353 -		else if (pair->key == 42)
   1.354 -			email = pair->value;
   1.355 -		else if (pair->key == 18)
   1.356 -			subj = pair->value;
   1.357 +		else if (pair->key == 43) {
   1.358 +			if (g_utf8_validate(pair->value, -1, NULL)) {
   1.359 +				who = pair->value;
   1.360 +			} else {
   1.361 +				purple_debug_warning("yahoo", "yahoo_process_mail "
   1.362 +						"got non-UTF-8 string for key %d\n", pair->key);
   1.363 +			}
   1.364 +		} else if (pair->key == 42) {
   1.365 +			if (g_utf8_validate(pair->value, -1, NULL)) {
   1.366 +				email = pair->value;
   1.367 +			} else {
   1.368 +				purple_debug_warning("yahoo", "yahoo_process_mail "
   1.369 +						"got non-UTF-8 string for key %d\n", pair->key);
   1.370 +			}
   1.371 +		} else if (pair->key == 18) {
   1.372 +			if (g_utf8_validate(pair->value, -1, NULL)) {
   1.373 +				subj = pair->value;
   1.374 +			} else {
   1.375 +				purple_debug_warning("yahoo", "yahoo_process_mail "
   1.376 +						"got non-UTF-8 string for key %d\n", pair->key);
   1.377 +			}
   1.378 +		}
   1.379  		l = l->next;
   1.380  	}
   1.381  
   1.382 @@ -2077,10 +2220,22 @@
   1.383  
   1.384  	while (l) {
   1.385  		struct yahoo_pair *pair = l->data;
   1.386 -		if (pair->key == 94)
   1.387 -			seed = pair->value;
   1.388 -		if (pair->key == 1)
   1.389 -			sn = pair->value;
   1.390 +		if (pair->key == 94) {
   1.391 +			if (g_utf8_validate(pair->value, -1, NULL)) {
   1.392 +				seed = pair->value;
   1.393 +			} else {
   1.394 +				purple_debug_warning("yahoo", "yahoo_process_auth "
   1.395 +						"got non-UTF-8 string for key %d\n", pair->key);
   1.396 +			}
   1.397 +		}
   1.398 +		if (pair->key == 1) {
   1.399 +			if (g_utf8_validate(pair->value, -1, NULL)) {
   1.400 +				sn = pair->value;
   1.401 +			} else {
   1.402 +				purple_debug_warning("yahoo", "yahoo_process_auth "
   1.403 +						"got non-UTF-8 string for key %d\n", pair->key);
   1.404 +			}
   1.405 +		}
   1.406  		if (pair->key == 13)
   1.407  			m = atoi(pair->value);
   1.408  		l = l->next;
   1.409 @@ -2152,10 +2307,20 @@
   1.410  		struct yahoo_pair *pair = l->data;
   1.411  		switch (pair->key) {
   1.412  		case 0:
   1.413 -			who = pair->value;
   1.414 +			if (g_utf8_validate(pair->value, -1, NULL)) {
   1.415 +				who = pair->value;
   1.416 +			} else {
   1.417 +				purple_debug_warning("yahoo", "yahoo_process_ignore "
   1.418 +						"got non-UTF-8 string for key %d\n", pair->key);
   1.419 +			}
   1.420  			break;
   1.421  		case 1:
   1.422 -			me = pair->value;
   1.423 +			if (g_utf8_validate(pair->value, -1, NULL)) {
   1.424 +				me = pair->value;
   1.425 +			} else {
   1.426 +				purple_debug_warning("yahoo", "yahoo_process_ignore "
   1.427 +						"got non-UTF-8 string for key %d\n", pair->key);
   1.428 +			}
   1.429  			break;
   1.430  		case 13:
   1.431  			/* 1 == ignore, 2 == unignore */
   1.432 @@ -2224,8 +2389,14 @@
   1.433  
   1.434  		if (pair->key == 66)
   1.435  			err = strtol(pair->value, NULL, 10);
   1.436 -		else if (pair->key == 20)
   1.437 -			url = pair->value;
   1.438 +		else if (pair->key == 20) {
   1.439 +			if (g_utf8_validate(pair->value, -1, NULL)) {
   1.440 +				url = pair->value;
   1.441 +			} else {
   1.442 +				purple_debug_warning("yahoo", "yahoo_process_authresp "
   1.443 +						"got non-UTF-8 string for key %d\n", pair->key);
   1.444 +			}
   1.445 +		}
   1.446  
   1.447  		l = l->next;
   1.448  	}
   1.449 @@ -2313,7 +2484,12 @@
   1.450  			err = strtol(pair->value, NULL, 10);
   1.451  			break;
   1.452  		case 7:
   1.453 -			temp = pair->value;
   1.454 +			if (g_utf8_validate(pair->value, -1, NULL)) {
   1.455 +				temp = pair->value;
   1.456 +			} else {
   1.457 +				purple_debug_warning("yahoo", "yahoo_process_addbuddy "
   1.458 +						"got non-UTF-8 string for key %d\n", pair->key);
   1.459 +			}
   1.460  			break;
   1.461  		case 65:
   1.462  			group = pair->value;
   1.463 @@ -2470,11 +2646,16 @@
   1.464  
   1.465  		switch (pair->key) {
   1.466  		case 4:
   1.467 -			who = pair->value;
   1.468 -			if(strncmp(who, p2p_data->host_username, strlen(p2p_data->host_username)) != 0) {
   1.469 -				/* from whom are we receiving the packets ?? */
   1.470 -				purple_debug_warning("yahoo","p2p: received data from wrong user\n");
   1.471 -				return;
   1.472 +			if (g_utf8_validate(pair->value, -1, NULL)) {
   1.473 +				who = pair->value;
   1.474 +				if(strncmp(who, p2p_data->host_username, strlen(p2p_data->host_username)) != 0) {
   1.475 +					/* from whom are we receiving the packets ?? */
   1.476 +					purple_debug_warning("yahoo","p2p: received data from wrong user\n");
   1.477 +					return;
   1.478 +				}
   1.479 +			} else {
   1.480 +				purple_debug_warning("yahoo", "yahoo_p2p_process_p2pfilexfer "
   1.481 +						"got non-UTF-8 string for key %d\n", pair->key);
   1.482  			}
   1.483  			break;
   1.484  		case 13:
   1.485 @@ -2863,15 +3044,25 @@
   1.486  			/* our identity */
   1.487  			break;
   1.488  		case 4:
   1.489 -			who = pair->value;
   1.490 +			if (g_utf8_validate(pair->value, -1, NULL)) {
   1.491 +				who = pair->value;
   1.492 +			} else {
   1.493 +				purple_debug_warning("yahoo", "yahoo_process_p2p "
   1.494 +						"got non-UTF-8 string for key %d\n", pair->key);
   1.495 +			}
   1.496  			break;
   1.497  		case 1:
   1.498  			/* who again, the master identity this time? */
   1.499  			break;
   1.500  		case 12:
   1.501 -			base64 = pair->value;
   1.502 -			/* so, this is an ip address. in base64. decoded it's in ascii.
   1.503 -			   after strtol, it's in reversed byte order. Who thought this up?*/
   1.504 +			if (g_utf8_validate(pair->value, -1, NULL)) {
   1.505 +				base64 = pair->value;
   1.506 +				/* so, this is an ip address. in base64. decoded it's in ascii.
   1.507 +				   after strtol, it's in reversed byte order. Who thought this up?*/
   1.508 +			} else {
   1.509 +				purple_debug_warning("yahoo", "yahoo_process_p2p "
   1.510 +						"got non-UTF-8 string for key %d\n", pair->key);
   1.511 +			}
   1.512  			break;
   1.513  		case 13:
   1.514  			val_13 = strtol(pair->value, NULL, 10);
   1.515 @@ -2960,7 +3151,12 @@
   1.516  
   1.517  		switch (pair->key) {
   1.518  		case 4:
   1.519 -			who = pair->value;
   1.520 +			if (g_utf8_validate(pair->value, -1, NULL)) {
   1.521 +				who = pair->value;
   1.522 +			} else {
   1.523 +				purple_debug_warning("yahoo", "yahoo_process_audible "
   1.524 +						"got non-UTF-8 string for key %d\n", pair->key);
   1.525 +			}
   1.526  			break;
   1.527  		case 5:
   1.528  			/* us */
   1.529 @@ -2968,11 +3164,21 @@
   1.530  		case 230:
   1.531  			/* the audible, in foo.locale.bar.baz format
   1.532  			   eg: base.tw.smiley.smiley43 */
   1.533 -			id = pair->value;
   1.534 +			if (g_utf8_validate(pair->value, -1, NULL)) {
   1.535 +				id = pair->value;
   1.536 +			} else {
   1.537 +				purple_debug_warning("yahoo", "yahoo_process_audible "
   1.538 +						"got non-UTF-8 string for key %d\n", pair->key);
   1.539 +			}
   1.540  			break;
   1.541  		case 231:
   1.542  			/* the text of the audible */
   1.543 -			msg = pair->value;
   1.544 +			if (g_utf8_validate(pair->value, -1, NULL)) {
   1.545 +				msg = pair->value;
   1.546 +			} else {
   1.547 +				purple_debug_warning("yahoo", "yahoo_process_audible "
   1.548 +						"got non-UTF-8 string for key %d\n", pair->key);
   1.549 +			}
   1.550  			break;
   1.551  		case 232:
   1.552  			/* SHA-1 hash of audible SWF file (eg: 4e8691499d9c0fb8374478ff9720f4a9ea4a4915) */
     2.1 --- a/libpurple/protocols/yahoo/yahoo_aliases.c
     2.2 +++ b/libpurple/protocols/yahoo/yahoo_aliases.c
     2.3 @@ -696,8 +696,14 @@
     2.4  		struct yahoo_pair *pair = l->data;
     2.5  		switch (pair->key) {
     2.6  			case 4:
     2.7 -				who = pair->value;	/* This is the person who sent us the details.
     2.8 -									   But not necessarily about himself. */
     2.9 +				if (g_utf8_validate(pair->value, -1, NULL)) {
    2.10 +					/* This is the person who sent us the details.
    2.11 +					   But not necessarily about himself. */
    2.12 +					who = pair->value;
    2.13 +				} else {
    2.14 +					purple_debug_warning("yahoo", "yahoo_process_contact_details "
    2.15 +							"got non-UTF-8 string for key %d\n", pair->key);
    2.16 +				}
    2.17  				break;
    2.18  			case 5:
    2.19  				break;
    2.20 @@ -709,8 +715,13 @@
    2.21  				   and look into the xml instead to see who the information is about. */
    2.22  				break;
    2.23  			case 280:
    2.24 -				xml = pair->value;
    2.25 -				parse_contact_details(yd, who, xml);
    2.26 +				if (g_utf8_validate(pair->value, -1, NULL)) {
    2.27 +					xml = pair->value;
    2.28 +					parse_contact_details(yd, who, xml);
    2.29 +				} else {
    2.30 +					purple_debug_warning("yahoo", "yahoo_process_contact_details "
    2.31 +							"got non-UTF-8 string for key %d\n", pair->key);
    2.32 +				}
    2.33  				break;
    2.34  		}
    2.35  	}
     3.1 --- a/libpurple/protocols/yahoo/yahoo_filexfer.c
     3.2 +++ b/libpurple/protocols/yahoo/yahoo_filexfer.c
     3.3 @@ -749,25 +749,60 @@
     3.4  
     3.5  		switch(pair->key) {
     3.6  		case 5:         /* Get who the packet is for */
     3.7 -			me = pair->value;
     3.8 +			if (g_utf8_validate(pair->value, -1, NULL)) {
     3.9 +				me = pair->value;
    3.10 +			} else {
    3.11 +				purple_debug_warning("yahoo", "yahoo_process_p2pfilexfer "
    3.12 +						"got non-UTF-8 string for key %d\n", pair->key);
    3.13 +			}
    3.14  			break;
    3.15  		case 4:         /* Get who the packet is from */
    3.16 -			from = pair->value;
    3.17 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    3.18 +				from = pair->value;
    3.19 +			} else {
    3.20 +				purple_debug_warning("yahoo", "yahoo_process_p2pfilexfer "
    3.21 +						"got non-UTF-8 string for key %d\n", pair->key);
    3.22 +			}
    3.23  			break;
    3.24  		case 49:        /* Get the type of service */
    3.25 -			service = pair->value;
    3.26 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    3.27 +				service = pair->value;
    3.28 +			} else {
    3.29 +				purple_debug_warning("yahoo", "yahoo_process_p2pfilexfer "
    3.30 +						"got non-UTF-8 string for key %d\n", pair->key);
    3.31 +			}
    3.32  			break;
    3.33  		case 14:        /* Get the 'message' of the packet */
    3.34 -			message = pair->value;
    3.35 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    3.36 +				message = pair->value;
    3.37 +			} else {
    3.38 +				purple_debug_warning("yahoo", "yahoo_process_p2pfilexfer "
    3.39 +						"got non-UTF-8 string for key %d\n", pair->key);
    3.40 +			}
    3.41  			break;
    3.42  		case 13:        /* Get the command associated with this packet */
    3.43 -			command = pair->value;
    3.44 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    3.45 +				command = pair->value;
    3.46 +			} else {
    3.47 +				purple_debug_warning("yahoo", "yahoo_process_p2pfilexfer "
    3.48 +						"got non-UTF-8 string for key %d\n", pair->key);
    3.49 +			}
    3.50  			break;
    3.51  		case 63:        /* IMVironment name and version */
    3.52 -			imv = pair->value;
    3.53 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    3.54 +				imv = pair->value;
    3.55 +			} else {
    3.56 +				purple_debug_warning("yahoo", "yahoo_process_p2pfilexfer "
    3.57 +						"got non-UTF-8 string for key %d\n", pair->key);
    3.58 +			}
    3.59  			break;
    3.60  		case 64:        /* Not sure, but it does vary with initialization of Doodle */
    3.61 -			unknown = pair->value; /* So, I'll keep it (for a little while atleast) */
    3.62 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    3.63 +				unknown = pair->value; /* So, I'll keep it (for a little while atleast) */
    3.64 +			} else {
    3.65 +				purple_debug_warning("yahoo", "yahoo_process_p2pfilexfer "
    3.66 +						"got non-UTF-8 string for key %d\n", pair->key);
    3.67 +			}
    3.68  			break;
    3.69  		}
    3.70  
    3.71 @@ -813,16 +848,36 @@
    3.72  
    3.73  		switch (pair->key) {
    3.74  		case 4:
    3.75 -			from = pair->value;
    3.76 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    3.77 +				from = pair->value;
    3.78 +			} else {
    3.79 +				purple_debug_warning("yahoo", "yahoo_process_filetransfer "
    3.80 +						"got non-UTF-8 string for key %d\n", pair->key);
    3.81 +			}
    3.82  			break;
    3.83  		case 5:
    3.84 -			to = pair->value;
    3.85 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    3.86 +				to = pair->value;
    3.87 +			} else {
    3.88 +				purple_debug_warning("yahoo", "yahoo_process_filetransfer "
    3.89 +						"got non-UTF-8 string for key %d\n", pair->key);
    3.90 +			}
    3.91  			break;
    3.92  		case 14:
    3.93 -			msg = pair->value;
    3.94 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    3.95 +				msg = pair->value;
    3.96 +			} else {
    3.97 +				purple_debug_warning("yahoo", "yahoo_process_filetransfer "
    3.98 +						"got non-UTF-8 string for key %d\n", pair->key);
    3.99 +			}
   3.100  			break;
   3.101  		case 20:
   3.102 -			url = pair->value;
   3.103 +			if (g_utf8_validate(pair->value, -1, NULL)) {
   3.104 +				url = pair->value;
   3.105 +			} else {
   3.106 +				purple_debug_warning("yahoo", "yahoo_process_filetransfer "
   3.107 +						"got non-UTF-8 string for key %d\n", pair->key);
   3.108 +			}
   3.109  			break;
   3.110  		case 38:
   3.111  			expires = strtol(pair->value, NULL, 10);
   3.112 @@ -834,10 +889,20 @@
   3.113  			filesize = atol(pair->value);
   3.114  			break;
   3.115  		case 49:
   3.116 -			service = pair->value;
   3.117 +			if (g_utf8_validate(pair->value, -1, NULL)) {
   3.118 +				service = pair->value;
   3.119 +			} else {
   3.120 +				purple_debug_warning("yahoo", "yahoo_process_filetransfer "
   3.121 +						"got non-UTF-8 string for key %d\n", pair->key);
   3.122 +			}
   3.123  			break;
   3.124  		case 63:
   3.125 -			imv = pair->value;
   3.126 +			if (g_utf8_validate(pair->value, -1, NULL)) {
   3.127 +				imv = pair->value;
   3.128 +			} else {
   3.129 +				purple_debug_warning("yahoo", "yahoo_process_filetransfer "
   3.130 +						"got non-UTF-8 string for key %d\n", pair->key);
   3.131 +			}
   3.132  			break;
   3.133  		}
   3.134  	}
   3.135 @@ -1616,20 +1681,40 @@
   3.136  
   3.137  		switch (pair->key) {
   3.138  		case 4:
   3.139 -			from = pair->value;
   3.140 +			if (g_utf8_validate(pair->value, -1, NULL)) {
   3.141 +				from = pair->value;
   3.142 +			} else {
   3.143 +				purple_debug_warning("yahoo", "yahoo_process_filetrans_15 "
   3.144 +						"got non-UTF-8 string for key %d\n", pair->key);
   3.145 +			}
   3.146  			break;
   3.147  		case 5:
   3.148 -			to = pair->value;
   3.149 +			if (g_utf8_validate(pair->value, -1, NULL)) {
   3.150 +				to = pair->value;
   3.151 +			} else {
   3.152 +				purple_debug_warning("yahoo", "yahoo_process_filetrans_15 "
   3.153 +						"got non-UTF-8 string for key %d\n", pair->key);
   3.154 +			}
   3.155  			break;
   3.156  		case 265:
   3.157 -			xfer_peer_idstring = pair->value;
   3.158 +			if (g_utf8_validate(pair->value, -1, NULL)) {
   3.159 +				xfer_peer_idstring = pair->value;
   3.160 +			} else {
   3.161 +				purple_debug_warning("yahoo", "yahoo_process_filetrans_15 "
   3.162 +						"got non-UTF-8 string for key %d\n", pair->key);
   3.163 +			}
   3.164  			break;
   3.165  		case 27:
   3.166  			filename_list = g_slist_prepend(filename_list, g_strdup(pair->value));
   3.167  			nooffiles++;
   3.168  			break;
   3.169  		case 28:
   3.170 -			size_list = g_slist_prepend(size_list, g_strdup(pair->value));
   3.171 +			if (g_utf8_validate(pair->value, -1, NULL)) {
   3.172 +				size_list = g_slist_prepend(size_list, g_strdup(pair->value));
   3.173 +			} else {
   3.174 +				purple_debug_warning("yahoo", "yahoo_process_filetrans_15 "
   3.175 +						"got non-UTF-8 string for key %d\n", pair->key);
   3.176 +			}
   3.177  			break;
   3.178  		case 222:
   3.179  			val_222 = atol(pair->value);
   3.180 @@ -1638,10 +1723,20 @@
   3.181  
   3.182  		/* check for p2p and imviron .... not sure it comes by this service packet. Since it was bundled with filexfer in old ymsg version, still keeping it. */
   3.183  		case 49:
   3.184 -			service = pair->value;
   3.185 +			if (g_utf8_validate(pair->value, -1, NULL)) {
   3.186 +				service = pair->value;
   3.187 +			} else {
   3.188 +				purple_debug_warning("yahoo", "yahoo_process_filetrans_15 "
   3.189 +						"got non-UTF-8 string for key %d\n", pair->key);
   3.190 +			}
   3.191  			break;
   3.192  		case 63:
   3.193 -			imv = pair->value;
   3.194 +			if (g_utf8_validate(pair->value, -1, NULL)) {
   3.195 +				imv = pair->value;
   3.196 +			} else {
   3.197 +				purple_debug_warning("yahoo", "yahoo_process_filetrans_15 "
   3.198 +						"got non-UTF-8 string for key %d\n", pair->key);
   3.199 +			}
   3.200  			break;
   3.201  		/* end check */
   3.202  
   3.203 @@ -1803,7 +1898,12 @@
   3.204  			to = pair->value;
   3.205  			break;
   3.206  		case 265:
   3.207 -			xfer_peer_idstring = pair->value;
   3.208 +			if (g_utf8_validate(pair->value, -1, NULL)) {
   3.209 +				xfer_peer_idstring = pair->value;
   3.210 +			} else {
   3.211 +				purple_debug_warning("yahoo", "yahoo_process_filetrans_info_15 "
   3.212 +						"got non-UTF-8 string for key %d\n", pair->key);
   3.213 +			}
   3.214  			break;
   3.215  		case 27:
   3.216  			filename = pair->value;
   3.217 @@ -1816,10 +1916,20 @@
   3.218  			/* 249 has value 1 or 2 when doing p2p transfer and value 3 when relaying through yahoo server */
   3.219  			break;
   3.220  		case 250:
   3.221 -			url = pair->value;
   3.222 +			if (g_utf8_validate(pair->value, -1, NULL)) {
   3.223 +				url = pair->value;
   3.224 +			} else {
   3.225 +				purple_debug_warning("yahoo", "yahoo_process_filetrans_info_15 "
   3.226 +						"got non-UTF-8 string for key %d\n", pair->key);
   3.227 +			}
   3.228  			break;
   3.229  		case 251:
   3.230 -			xfer_idstring_for_relay = pair->value;
   3.231 +			if (g_utf8_validate(pair->value, -1, NULL)) {
   3.232 +				xfer_idstring_for_relay = pair->value;
   3.233 +			} else {
   3.234 +				purple_debug_warning("yahoo", "yahoo_process_filetrans_info_15 "
   3.235 +						"got non-UTF-8 string for key %d\n", pair->key);
   3.236 +			}
   3.237  			break;
   3.238  		}
   3.239  	}
   3.240 @@ -1902,10 +2012,20 @@
   3.241  
   3.242  		switch (pair->key) {
   3.243  		case 251:
   3.244 -			xfer_idstring_for_relay = pair->value;
   3.245 +			if (g_utf8_validate(pair->value, -1, NULL)) {
   3.246 +				xfer_idstring_for_relay = pair->value;
   3.247 +			} else {
   3.248 +				purple_debug_warning("yahoo", "yahoo_process_filetrans_acc_15 "
   3.249 +						"got non-UTF-8 string for key %d\n", pair->key);
   3.250 +			}
   3.251  			break;
   3.252  		case 265:
   3.253 -			xfer_peer_idstring = pair->value;
   3.254 +			if (g_utf8_validate(pair->value, -1, NULL)) {
   3.255 +				xfer_peer_idstring = pair->value;
   3.256 +			} else {
   3.257 +				purple_debug_warning("yahoo", "yahoo_process_filetrans_acc_15 "
   3.258 +						"got non-UTF-8 string for key %d\n", pair->key);
   3.259 +			}
   3.260  			break;
   3.261  		case 66:
   3.262  			val_66 = atol(pair->value);
   3.263 @@ -1914,7 +2034,13 @@
   3.264  			val_249 = atol(pair->value);
   3.265  			break;
   3.266  		case 250:
   3.267 -			url = pair->value;	/* we get a p2p url here when sending file, connected as client */
   3.268 +			if (g_utf8_validate(pair->value, -1, NULL)) {
   3.269 +				/* we get a p2p url here when sending file, connected as client */
   3.270 +				url = pair->value;
   3.271 +			} else {
   3.272 +				purple_debug_warning("yahoo", "yahoo_process_filetrans_acc_15 "
   3.273 +						"got non-UTF-8 string for key %d\n", pair->key);
   3.274 +			}
   3.275  			break;
   3.276  		}
   3.277  	}
     4.1 --- a/libpurple/protocols/yahoo/yahoo_friend.c
     4.2 +++ b/libpurple/protocols/yahoo/yahoo_friend.c
     4.3 @@ -158,7 +158,12 @@
     4.4  
     4.5  		switch (pair->key) {
     4.6  			case 7:
     4.7 -				temp = pair->value;
     4.8 +				if (g_utf8_validate(pair->value, -1, NULL)) {
     4.9 +					temp = pair->value;
    4.10 +				} else {
    4.11 +					purple_debug_warning("yahoo", "yahoo_process_presence "
    4.12 +							"got non-UTF-8 string for key %d\n", pair->key);
    4.13 +				}
    4.14  				break;
    4.15  			case 31:
    4.16  				value = strtol(pair->value, NULL, 10);
     5.1 --- a/libpurple/protocols/yahoo/yahoo_picture.c
     5.2 +++ b/libpurple/protocols/yahoo/yahoo_picture.c
     5.3 @@ -84,10 +84,20 @@
     5.4  		switch (pair->key) {
     5.5  		case 1:
     5.6  		case 4:
     5.7 -			who = pair->value;
     5.8 +			if (g_utf8_validate(pair->value, -1, NULL)) {
     5.9 +				who = pair->value;
    5.10 +			} else {
    5.11 +				purple_debug_warning("yahoo", "yahoo_process_picture "
    5.12 +						"got non-UTF-8 string for key %d\n", pair->key);
    5.13 +			}
    5.14  			break;
    5.15  		case 5:
    5.16 -			us = pair->value;
    5.17 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    5.18 +				us = pair->value;
    5.19 +			} else {
    5.20 +				purple_debug_warning("yahoo", "yahoo_process_picture "
    5.21 +						"got non-UTF-8 string for key %d\n", pair->key);
    5.22 +			}
    5.23  			break;
    5.24  		case 13: {
    5.25  				int tmp;
    5.26 @@ -100,7 +110,12 @@
    5.27  				break;
    5.28  			}
    5.29  		case 20:
    5.30 -			url = pair->value;
    5.31 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    5.32 +				url = pair->value;
    5.33 +			} else {
    5.34 +				purple_debug_warning("yahoo", "yahoo_process_picture "
    5.35 +						"got non-UTF-8 string for key %d\n", pair->key);
    5.36 +			}
    5.37  			break;
    5.38  		case 192:
    5.39  			checksum = strtol(pair->value, NULL, 10);
    5.40 @@ -154,7 +169,12 @@
    5.41  
    5.42  		switch (pair->key) {
    5.43  		case 4:
    5.44 -			who = pair->value;
    5.45 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    5.46 +				who = pair->value;
    5.47 +			} else {
    5.48 +				purple_debug_warning("yahoo", "yahoo_process_picture_checksum "
    5.49 +						"got non-UTF-8 string for key %d\n", pair->key);
    5.50 +			}
    5.51  			break;
    5.52  		case 5:
    5.53  			/* us */
    5.54 @@ -197,7 +217,12 @@
    5.55  			/* filename on our computer. */
    5.56  			break;
    5.57  		case 20: /* url at yahoo */
    5.58 -			url = pair->value;
    5.59 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    5.60 +				url = pair->value;
    5.61 +			} else {
    5.62 +				purple_debug_warning("yahoo", "yahoo_process_picture_upload "
    5.63 +						"got non-UTF-8 string for key %d\n", pair->key);
    5.64 +			}
    5.65  		case 38: /* timestamp */
    5.66  			break;
    5.67  		}
    5.68 @@ -225,7 +250,12 @@
    5.69  
    5.70  		switch (pair->key) {
    5.71  		case 4:
    5.72 -			who = pair->value;
    5.73 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    5.74 +				who = pair->value;
    5.75 +			} else {
    5.76 +				purple_debug_warning("yahoo", "yahoo_process_avatar_upload "
    5.77 +						"got non-UTF-8 string for key %d\n", pair->key);
    5.78 +			}
    5.79  			break;
    5.80  		case 5:
    5.81  			/* us */
     6.1 --- a/libpurple/protocols/yahoo/yahoochat.c
     6.2 +++ b/libpurple/protocols/yahoo/yahoochat.c
     6.3 @@ -156,15 +156,25 @@
     6.4  			room = yahoo_string_decode(gc, pair->value, FALSE);
     6.5  			break;
     6.6  		case 50: /* inviter */
     6.7 -			who = pair->value;
     6.8 -			g_string_append_printf(members, "%s\n", who);
     6.9 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    6.10 +				who = pair->value;
    6.11 +				g_string_append_printf(members, "%s\n", who);
    6.12 +			} else {
    6.13 +				purple_debug_warning("yahoo", "yahoo_process_conference_invite "
    6.14 +						"got non-UTF-8 string for key %d\n", pair->key);
    6.15 +			}
    6.16  			break;
    6.17  		case 51: /* This user is being invited to the conference. Comes with status = 11, so we wont reach here */
    6.18  			break;
    6.19  		case 52: /* Invited users. Assuming us invited, since we got this packet */
    6.20  			break; /* break needed, or else we add the users to the conference before they accept the invitation */
    6.21  		case 53: /* members who have already joined the conference */
    6.22 -			g_string_append_printf(members, "%s\n", pair->value);
    6.23 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    6.24 +				g_string_append_printf(members, "%s\n", pair->value);
    6.25 +			} else {
    6.26 +				purple_debug_warning("yahoo", "yahoo_process_conference_invite "
    6.27 +						"got non-UTF-8 string for key %d\n", pair->key);
    6.28 +			}
    6.29  			break;
    6.30  		case 58:
    6.31  			g_free(msg);
    6.32 @@ -220,7 +230,12 @@
    6.33  			room = yahoo_string_decode(gc, pair->value, FALSE);
    6.34  			break;
    6.35  		case 54:
    6.36 -			who = pair->value;
    6.37 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    6.38 +				who = pair->value;
    6.39 +			} else {
    6.40 +				purple_debug_warning("yahoo", "yahoo_process_conference_decline "
    6.41 +						"got non-UTF-8 string for key %d\n", pair->key);
    6.42 +			}
    6.43  			break;
    6.44  		case 14:
    6.45  			g_free(msg);
    6.46 @@ -277,7 +292,12 @@
    6.47  			room = yahoo_string_decode(gc, pair->value, FALSE);
    6.48  			break;
    6.49  		case 53:
    6.50 -			who = pair->value;
    6.51 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    6.52 +				who = pair->value;
    6.53 +			} else {
    6.54 +				purple_debug_warning("yahoo", "yahoo_process_conference_logon "
    6.55 +						"got non-UTF-8 string for key %d\n", pair->key);
    6.56 +			}
    6.57  			break;
    6.58  		}
    6.59  	}
    6.60 @@ -309,7 +329,12 @@
    6.61  			room = yahoo_string_decode(gc, pair->value, FALSE);
    6.62  			break;
    6.63  		case 56:
    6.64 -			who = pair->value;
    6.65 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    6.66 +				who = pair->value;
    6.67 +			} else {
    6.68 +				purple_debug_warning("yahoo", "yahoo_process_conference_logoff "
    6.69 +						"got non-UTF-8 string for key %d\n", pair->key);
    6.70 +			}
    6.71  			break;
    6.72  		}
    6.73  	}
    6.74 @@ -340,7 +365,12 @@
    6.75  			room = yahoo_string_decode(gc, pair->value, FALSE);
    6.76  			break;
    6.77  		case 3:
    6.78 -			who = pair->value;
    6.79 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    6.80 +				who = pair->value;
    6.81 +			} else {
    6.82 +				purple_debug_warning("yahoo", "yahoo_process_conference_message "
    6.83 +						"got non-UTF-8 string for key %d\n", pair->key);
    6.84 +			}
    6.85  			break;
    6.86  		case 14:
    6.87  			msg = pair->value;
    6.88 @@ -506,18 +536,38 @@
    6.89  			topic = yahoo_string_decode(gc, pair->value, TRUE);
    6.90  			break;
    6.91  		case 128:
    6.92 -			someid = pair->value;
    6.93 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    6.94 +				someid = pair->value;
    6.95 +			} else {
    6.96 +				purple_debug_warning("yahoo", "yahoo_process_chat_join "
    6.97 +						"got non-UTF-8 string for key %d\n", pair->key);
    6.98 +			}
    6.99  			break;
   6.100  		case 108: /* number of joiners */
   6.101  			break;
   6.102  		case 129:
   6.103 -			someotherid = pair->value;
   6.104 +			if (g_utf8_validate(pair->value, -1, NULL)) {
   6.105 +				someotherid = pair->value;
   6.106 +			} else {
   6.107 +				purple_debug_warning("yahoo", "yahoo_process_chat_join "
   6.108 +						"got non-UTF-8 string for key %d\n", pair->key);
   6.109 +			}
   6.110  			break;
   6.111  		case 130:
   6.112 -			somebase64orhashosomething = pair->value;
   6.113 +			if (g_utf8_validate(pair->value, -1, NULL)) {
   6.114 +				somebase64orhashosomething = pair->value;
   6.115 +			} else {
   6.116 +				purple_debug_warning("yahoo", "yahoo_process_chat_join "
   6.117 +						"got non-UTF-8 string for key %d\n", pair->key);
   6.118 +			}
   6.119  			break;
   6.120  		case 126:
   6.121 -			somenegativenumber = pair->value;
   6.122 +			if (g_utf8_validate(pair->value, -1, NULL)) {
   6.123 +				somenegativenumber = pair->value;
   6.124 +			} else {
   6.125 +				purple_debug_warning("yahoo", "yahoo_process_chat_join "
   6.126 +						"got non-UTF-8 string for key %d\n", pair->key);
   6.127 +			}
   6.128  			break;
   6.129  		case 13: /* this is 1. maybe its the type of room? (normal, user created, private, etc?) */
   6.130  			break;
   6.131 @@ -528,7 +578,12 @@
   6.132  		   info about individual room members, (including us) */
   6.133  
   6.134  		case 109: /* the yahoo id */
   6.135 -			members = g_list_append(members, pair->value);
   6.136 +			if (g_utf8_validate(pair->value, -1, NULL)) {
   6.137 +				members = g_list_append(members, pair->value);
   6.138 +			} else {
   6.139 +				purple_debug_warning("yahoo", "yahoo_process_chat_join "
   6.140 +						"got non-UTF-8 string for key %d\n", pair->key);
   6.141 +			}
   6.142  			break;
   6.143  		case 110: /* age */
   6.144  			break;
   6.145 @@ -625,8 +680,14 @@
   6.146  			g_free(room);
   6.147  			room = yahoo_string_decode(gc, pair->value, TRUE);
   6.148  		}
   6.149 -		if (pair->key == 109)
   6.150 -			who = pair->value;
   6.151 +		if (pair->key == 109) {
   6.152 +			if (g_utf8_validate(pair->value, -1, NULL)) {
   6.153 +				who = pair->value;
   6.154 +			} else {
   6.155 +				purple_debug_warning("yahoo", "yahoo_process_chat_exit "
   6.156 +						"got non-UTF-8 string for key %d\n", pair->key);
   6.157 +			}
   6.158 +		}
   6.159  	}
   6.160  
   6.161  	if (who && room) {
   6.162 @@ -658,10 +719,20 @@
   6.163  			room = yahoo_string_decode(gc, pair->value, TRUE);
   6.164  			break;
   6.165  		case 109:
   6.166 -			who = pair->value;
   6.167 +			if (g_utf8_validate(pair->value, -1, NULL)) {
   6.168 +				who = pair->value;
   6.169 +			} else {
   6.170 +				purple_debug_warning("yahoo", "yahoo_process_chat_message "
   6.171 +						"got non-UTF-8 string for key %d\n", pair->key);
   6.172 +			}
   6.173  			break;
   6.174  		case 117:
   6.175 -			msg = pair->value;
   6.176 +			if (g_utf8_validate(pair->value, -1, NULL)) {
   6.177 +				msg = pair->value;
   6.178 +			} else {
   6.179 +				purple_debug_warning("yahoo", "yahoo_process_chat_message "
   6.180 +						"got non-UTF-8 string for key %d\n", pair->key);
   6.181 +			}
   6.182  			break;
   6.183  		case 124:
   6.184  			msgtype = strtol(pair->value, NULL, 10);
   6.185 @@ -724,7 +795,12 @@
   6.186  			msg = yahoo_string_decode(gc, pair->value, FALSE);
   6.187  			break;
   6.188  		case 119:
   6.189 -			who = pair->value;
   6.190 +			if (g_utf8_validate(pair->value, -1, NULL)) {
   6.191 +				who = pair->value;
   6.192 +			} else {
   6.193 +				purple_debug_warning("yahoo", "yahoo_process_chat_addinvite "
   6.194 +						"got non-UTF-8 string for key %d\n", pair->key);
   6.195 +			}
   6.196  			break;
   6.197  		case 118: /* us */
   6.198  			break;