Validate incoming Yahoo strings as UTF-8 before using them. release-2.x.y
authorMark Doliner <mark@kingant.net>
Sun, 19 Jan 2014 11:30:49 -0800
branchrelease-2.x.y
changesetb0345c25f886 pushlog
parent 956f247148db
child 7b080f86fcbc
Validate incoming Yahoo strings as UTF-8 before using them.
libpurple/protocols/yahoo/libymsg.c
libpurple/protocols/yahoo/yahoo_aliases.c
libpurple/protocols/yahoo/yahoo_filexfer.c
libpurple/protocols/yahoo/yahoo_friend.c
libpurple/protocols/yahoo/yahoo_picture.c
libpurple/protocols/yahoo/yahoochat.c
      1.1 --- a/libpurple/protocols/yahoo/libymsg.c
      1.2 +++ b/libpurple/protocols/yahoo/libymsg.c
      1.3 @@ -21,6 +21,12 @@
      1.4   *
      1.5   */
      1.6  
      1.7 +/*
      1.8 + * Note: When handling the list of struct yahoo_pair's from an incoming
      1.9 + * packet the value might not be UTF-8. You should either validate that
     1.10 + * it is UTF-8 using g_utf8_validate() or use yahoo_string_decode().
     1.11 + */
     1.12 +
     1.13  #include "internal.h"
     1.14  
     1.15  #include "account.h"
     1.16 @@ -592,14 +598,24 @@
     1.17  			yd->current_list15_grp = yahoo_string_decode(gc, pair->value, FALSE);
     1.18  			break;
     1.19  		case 7: /* buddy's s/n */
     1.20 -			g_free(temp);
     1.21 -			temp = g_strdup(purple_normalize(account, pair->value));
     1.22 +			if (g_utf8_validate(pair->value, -1, NULL)) {
     1.23 +				g_free(temp);
     1.24 +				temp = g_strdup(purple_normalize(account, pair->value));
     1.25 +			} else {
     1.26 +				purple_debug_warning("yahoo", "yahoo_process_list_15 "
     1.27 +						"got non-UTF-8 string for key %d\n", pair->key);
     1.28 +			}
     1.29  			break;
     1.30  		case 241: /* user on federated network */
     1.31  			fed = strtol(pair->value, NULL, 10);
     1.32  			break;
     1.33  		case 59: /* somebody told cookies come here too, but im not sure */
     1.34 -			yahoo_process_cookie(yd, pair->value);
     1.35 +			if (g_utf8_validate(pair->value, -1, NULL)) {
     1.36 +				yahoo_process_cookie(yd, pair->value);
     1.37 +			} else {
     1.38 +				purple_debug_warning("yahoo", "yahoo_process_list_15 "
     1.39 +						"got non-UTF-8 string for key %d\n", pair->key);
     1.40 +			}
     1.41  			break;
     1.42  		case 317: /* Stealth Setting */
     1.43  			stealth = strtol(pair->value, NULL, 10);
     1.44 @@ -662,22 +678,42 @@
     1.45  				g_string_append(yd->tmp_serv_blist, pair->value);
     1.46  			break;
     1.47  		case 88:
     1.48 -			if (!yd->tmp_serv_ilist)
     1.49 -				yd->tmp_serv_ilist = g_string_new(pair->value);
     1.50 -			else
     1.51 -				g_string_append(yd->tmp_serv_ilist, pair->value);
     1.52 +			if (g_utf8_validate(pair->value, -1, NULL)) {
     1.53 +				if (!yd->tmp_serv_ilist)
     1.54 +					yd->tmp_serv_ilist = g_string_new(pair->value);
     1.55 +				else
     1.56 +					g_string_append(yd->tmp_serv_ilist, pair->value);
     1.57 +			} else {
     1.58 +				purple_debug_warning("yahoo", "yahoo_process_list "
     1.59 +						"got non-UTF-8 string for key %d\n", pair->key);
     1.60 +			}
     1.61  			break;
     1.62  		case 89:
     1.63 -			yd->profiles = g_strsplit(pair->value, ",", -1);
     1.64 +			if (g_utf8_validate(pair->value, -1, NULL)) {
     1.65 +				yd->profiles = g_strsplit(pair->value, ",", -1);
     1.66 +			} else {
     1.67 +				purple_debug_warning("yahoo", "yahoo_process_list "
     1.68 +						"got non-UTF-8 string for key %d\n", pair->key);
     1.69 +			}
     1.70  			break;
     1.71  		case 59: /* cookies, yum */
     1.72 -			yahoo_process_cookie(yd, pair->value);
     1.73 +			if (g_utf8_validate(pair->value, -1, NULL)) {
     1.74 +				yahoo_process_cookie(yd, pair->value);
     1.75 +			} else {
     1.76 +				purple_debug_warning("yahoo", "yahoo_process_list "
     1.77 +						"got non-UTF-8 string for key %d\n", pair->key);
     1.78 +			}
     1.79  			break;
     1.80  		case YAHOO_SERVICE_PRESENCE_PERM:
     1.81 -			if (!yd->tmp_serv_plist)
     1.82 -				yd->tmp_serv_plist = g_string_new(pair->value);
     1.83 -			else
     1.84 -				g_string_append(yd->tmp_serv_plist, pair->value);
     1.85 +			if (g_utf8_validate(pair->value, -1, NULL)) {
     1.86 +				if (!yd->tmp_serv_plist)
     1.87 +					yd->tmp_serv_plist = g_string_new(pair->value);
     1.88 +				else
     1.89 +					g_string_append(yd->tmp_serv_plist, pair->value);
     1.90 +			} else {
     1.91 +				purple_debug_warning("yahoo", "yahoo_process_list "
     1.92 +						"got non-UTF-8 string for key %d\n", pair->key);
     1.93 +			}
     1.94  			break;
     1.95  		}
     1.96  	}
     1.97 @@ -700,6 +736,12 @@
     1.98  			grp = yahoo_string_decode(gc, split[0], FALSE);
     1.99  			buddies = g_strsplit(split[1], ",", -1);
    1.100  			for (bud = buddies; bud && *bud; bud++) {
    1.101 +				if (!g_utf8_validate(*bud, -1, NULL)) {
    1.102 +					purple_debug_warning("yahoo", "yahoo_process_list "
    1.103 +							"got non-UTF-8 string for bud\n");
    1.104 +					continue;
    1.105 +				}
    1.106 +
    1.107  				norm_bud = g_strdup(purple_normalize(account, *bud));
    1.108  				f = yahoo_friend_find_or_new(gc, norm_bud);
    1.109  
    1.110 @@ -794,14 +836,26 @@
    1.111  
    1.112  	while (l) {
    1.113  		struct yahoo_pair *pair = l->data;
    1.114 -		if (pair->key == 4 || pair->key == 1)
    1.115 -			from = pair->value;
    1.116 +		if (pair->key == 4 || pair->key == 1) {
    1.117 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    1.118 +				from = pair->value;
    1.119 +			} else {
    1.120 +				purple_debug_warning("yahoo", "yahoo_process_notify "
    1.121 +						"got non-UTF-8 string for key %d\n", pair->key);
    1.122 +			}
    1.123 +		}
    1.124  		if (pair->key == 49)
    1.125  			msg = pair->value;
    1.126  		if (pair->key == 13)
    1.127  			stat = pair->value;
    1.128 -		if (pair->key == 14)
    1.129 -			game = pair->value;
    1.130 +		if (pair->key == 14) {
    1.131 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    1.132 +				game = pair->value;
    1.133 +			} else {
    1.134 +				purple_debug_warning("yahoo", "yahoo_process_notify "
    1.135 +						"got non-UTF-8 string for key %d\n", pair->key);
    1.136 +			}
    1.137 +		}
    1.138  		if (pair->key == 11)
    1.139  			val_11 = strtol(pair->value, NULL, 10);
    1.140  		if (pair->key == 241)
    1.141 @@ -905,10 +959,15 @@
    1.142  	while (l != NULL) {
    1.143  		struct yahoo_pair *pair = l->data;
    1.144  		if (pair->key == 4) {
    1.145 -			sms = g_new0(struct _yahoo_im, 1);
    1.146 -			sms->from = g_strdup_printf("+%s", pair->value);
    1.147 -			sms->time = time(NULL);
    1.148 -			sms->utf8 = TRUE;
    1.149 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    1.150 +				sms = g_new0(struct _yahoo_im, 1);
    1.151 +				sms->from = g_strdup_printf("+%s", pair->value);
    1.152 +				sms->time = time(NULL);
    1.153 +				sms->utf8 = TRUE;
    1.154 +			} else {
    1.155 +				purple_debug_warning("yahoo", "yahoo_process_sms_message "
    1.156 +						"got non-UTF-8 string for key %d\n", pair->key);
    1.157 +			}
    1.158  		}
    1.159  		if (pair->key == 14) {
    1.160  			if (sms)
    1.161 @@ -917,8 +976,14 @@
    1.162  		if (pair->key == 68)
    1.163  			if(sms)
    1.164  				g_hash_table_insert(yd->sms_carrier, g_strdup(sms->from), g_strdup(pair->value));
    1.165 -		if (pair->key == 16)
    1.166 -			server_msg = pair->value;
    1.167 +		if (pair->key == 16) {
    1.168 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    1.169 +				server_msg = pair->value;
    1.170 +			} else {
    1.171 +				purple_debug_warning("yahoo", "yahoo_process_sms_message "
    1.172 +						"got non-UTF-8 string for key %d\n", pair->key);
    1.173 +			}
    1.174 +		}
    1.175  		l = l->next;
    1.176  	}
    1.177  
    1.178 @@ -972,13 +1037,18 @@
    1.179  		while (l != NULL) {
    1.180  			struct yahoo_pair *pair = l->data;
    1.181  			if (pair->key == 4 || pair->key == 1) {
    1.182 -				im = g_new0(struct _yahoo_im, 1);
    1.183 -				list = g_slist_append(list, im);
    1.184 -				im->from = pair->value;
    1.185 -				im->time = time(NULL);
    1.186 -				im->utf8 = TRUE;
    1.187 -				im->fed = YAHOO_FEDERATION_NONE;
    1.188 -				im->fed_from = g_strdup(im->from);
    1.189 +				if (g_utf8_validate(pair->value, -1, NULL)) {
    1.190 +					im = g_new0(struct _yahoo_im, 1);
    1.191 +					list = g_slist_append(list, im);
    1.192 +					im->from = pair->value;
    1.193 +					im->time = time(NULL);
    1.194 +					im->utf8 = TRUE;
    1.195 +					im->fed = YAHOO_FEDERATION_NONE;
    1.196 +					im->fed_from = g_strdup(im->from);
    1.197 +				} else {
    1.198 +					purple_debug_warning("yahoo", "yahoo_process_message "
    1.199 +							"got non-UTF-8 string for key %d\n", pair->key);
    1.200 +				}
    1.201  			}
    1.202  			if (im && pair->key == 5)
    1.203  				im->active_id = pair->value;
    1.204 @@ -1034,7 +1104,7 @@
    1.205  				}
    1.206  			}
    1.207  			/* IMV key */
    1.208 -			if (im && pair->key == 63)
    1.209 +			if (im && pair->key == 63 && g_utf8_validate(pair->value, -1, NULL))
    1.210  			{
    1.211  				/* Check for the Doodle IMV, no IMvironment for federated buddies */
    1.212  				if (im->from != NULL && im->fed == YAHOO_FEDERATION_NONE)
    1.213 @@ -1170,10 +1240,22 @@
    1.214  	while (l) {
    1.215  		struct yahoo_pair *pair = l->data;
    1.216  
    1.217 -		if (pair->key == 5)
    1.218 -			me = pair->value;
    1.219 -		if (pair->key == 14)
    1.220 -			msg = pair->value;
    1.221 +		if (pair->key == 5) {
    1.222 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    1.223 +				me = pair->value;
    1.224 +			} else {
    1.225 +				purple_debug_warning("yahoo", "yahoo_process_sysmessage "
    1.226 +						"got non-UTF-8 string for key %d\n", pair->key);
    1.227 +			}
    1.228 +		}
    1.229 +		if (pair->key == 14) {
    1.230 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    1.231 +				msg = pair->value;
    1.232 +			} else {
    1.233 +				purple_debug_warning("yahoo", "yahoo_process_sysmessage "
    1.234 +						"got non-UTF-8 string for key %d\n", pair->key);
    1.235 +			}
    1.236 +		}
    1.237  
    1.238  		l = l->next;
    1.239  	}
    1.240 @@ -1331,7 +1413,12 @@
    1.241  
    1.242  			switch (pair->key) {
    1.243  			case 4:
    1.244 -				temp = pair->value;
    1.245 +				if (g_utf8_validate(pair->value, -1, NULL)) {
    1.246 +					temp = pair->value;
    1.247 +				} else {
    1.248 +					purple_debug_warning("yahoo", "yahoo_buddy_auth_req_15 "
    1.249 +							"got non-UTF-8 string for key %d\n", pair->key);
    1.250 +				}
    1.251  				break;
    1.252  			case 13:
    1.253  				response = strtol(pair->value, NULL, 10);
    1.254 @@ -1386,22 +1473,42 @@
    1.255  
    1.256  			switch (pair->key) {
    1.257  			case 4:
    1.258 -				temp = pair->value;
    1.259 +				if (g_utf8_validate(pair->value, -1, NULL)) {
    1.260 +					temp = pair->value;
    1.261 +				} else {
    1.262 +					purple_debug_warning("yahoo", "yahoo_buddy_auth_req_15 "
    1.263 +							"got non-UTF-8 string for key %d\n", pair->key);
    1.264 +				}
    1.265  				break;
    1.266  			case 5:
    1.267 -				add_req->id = g_strdup(pair->value);
    1.268 +				if (g_utf8_validate(pair->value, -1, NULL)) {
    1.269 +					add_req->id = g_strdup(pair->value);
    1.270 +				} else {
    1.271 +					purple_debug_warning("yahoo", "yahoo_buddy_auth_req_15 "
    1.272 +							"got non-UTF-8 string for key %d\n", pair->key);
    1.273 +				}
    1.274  				break;
    1.275  			case 14:
    1.276  				msg = pair->value;
    1.277  				break;
    1.278  			case 216:
    1.279 -				firstname = pair->value;
    1.280 +				if (g_utf8_validate(pair->value, -1, NULL)) {
    1.281 +					firstname = pair->value;
    1.282 +				} else {
    1.283 +					purple_debug_warning("yahoo", "yahoo_buddy_auth_req_15 "
    1.284 +							"got non-UTF-8 string for key %d\n", pair->key);
    1.285 +				}
    1.286  				break;
    1.287  			case 241:
    1.288  				add_req->fed = strtol(pair->value, NULL, 10);
    1.289  				break;
    1.290  			case 254:
    1.291 -				lastname = pair->value;
    1.292 +				if (g_utf8_validate(pair->value, -1, NULL)) {
    1.293 +					lastname = pair->value;
    1.294 +				} else {
    1.295 +					purple_debug_warning("yahoo", "yahoo_buddy_auth_req_15 "
    1.296 +							"got non-UTF-8 string for key %d\n", pair->key);
    1.297 +				}
    1.298  				break;
    1.299  
    1.300  			}
    1.301 @@ -1482,10 +1589,20 @@
    1.302  
    1.303  		switch (pair->key) {
    1.304  		case 1:
    1.305 -			add_req->id = g_strdup(pair->value);
    1.306 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    1.307 +				add_req->id = g_strdup(pair->value);
    1.308 +			} else {
    1.309 +					purple_debug_warning("yahoo", "yahoo_buddy_added_us "
    1.310 +							"got non-UTF-8 string for key %d\n", pair->key);
    1.311 +			}
    1.312  			break;
    1.313  		case 3:
    1.314 -			add_req->who = g_strdup(pair->value);
    1.315 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    1.316 +				add_req->who = g_strdup(pair->value);
    1.317 +			} else {
    1.318 +					purple_debug_warning("yahoo", "yahoo_buddy_added_us "
    1.319 +							"got non-UTF-8 string for key %d\n", pair->key);
    1.320 +			}
    1.321  			break;
    1.322  		case 15: /* time, for when they add us and we're offline */
    1.323  			break;
    1.324 @@ -1537,10 +1654,20 @@
    1.325  
    1.326  		switch (pair->key) {
    1.327  		case 3:
    1.328 -			who = pair->value;
    1.329 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    1.330 +				who = pair->value;
    1.331 +			} else {
    1.332 +				purple_debug_warning("yahoo", "yahoo_buddy_denied_our_add_old "
    1.333 +						"got non-UTF-8 string for key %d\n", pair->key);
    1.334 +			}
    1.335  			break;
    1.336  		case 14:
    1.337 -			msg = pair->value;
    1.338 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    1.339 +				msg = pair->value;
    1.340 +			} else {
    1.341 +				purple_debug_warning("yahoo", "yahoo_buddy_denied_our_add_old "
    1.342 +						"got non-UTF-8 string for key %d\n", pair->key);
    1.343 +			}
    1.344  			break;
    1.345  		}
    1.346  		l = l->next;
    1.347 @@ -1637,12 +1764,28 @@
    1.348  		struct yahoo_pair *pair = l->data;
    1.349  		if (pair->key == 9)
    1.350  			count = strtol(pair->value, NULL, 10);
    1.351 -		else if (pair->key == 43)
    1.352 -			who = pair->value;
    1.353 -		else if (pair->key == 42)
    1.354 -			email = pair->value;
    1.355 -		else if (pair->key == 18)
    1.356 -			subj = pair->value;
    1.357 +		else if (pair->key == 43) {
    1.358 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    1.359 +				who = pair->value;
    1.360 +			} else {
    1.361 +				purple_debug_warning("yahoo", "yahoo_process_mail "
    1.362 +						"got non-UTF-8 string for key %d\n", pair->key);
    1.363 +			}
    1.364 +		} else if (pair->key == 42) {
    1.365 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    1.366 +				email = pair->value;
    1.367 +			} else {
    1.368 +				purple_debug_warning("yahoo", "yahoo_process_mail "
    1.369 +						"got non-UTF-8 string for key %d\n", pair->key);
    1.370 +			}
    1.371 +		} else if (pair->key == 18) {
    1.372 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    1.373 +				subj = pair->value;
    1.374 +			} else {
    1.375 +				purple_debug_warning("yahoo", "yahoo_process_mail "
    1.376 +						"got non-UTF-8 string for key %d\n", pair->key);
    1.377 +			}
    1.378 +		}
    1.379  		l = l->next;
    1.380  	}
    1.381  
    1.382 @@ -2077,10 +2220,22 @@
    1.383  
    1.384  	while (l) {
    1.385  		struct yahoo_pair *pair = l->data;
    1.386 -		if (pair->key == 94)
    1.387 -			seed = pair->value;
    1.388 -		if (pair->key == 1)
    1.389 -			sn = pair->value;
    1.390 +		if (pair->key == 94) {
    1.391 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    1.392 +				seed = pair->value;
    1.393 +			} else {
    1.394 +				purple_debug_warning("yahoo", "yahoo_process_auth "
    1.395 +						"got non-UTF-8 string for key %d\n", pair->key);
    1.396 +			}
    1.397 +		}
    1.398 +		if (pair->key == 1) {
    1.399 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    1.400 +				sn = pair->value;
    1.401 +			} else {
    1.402 +				purple_debug_warning("yahoo", "yahoo_process_auth "
    1.403 +						"got non-UTF-8 string for key %d\n", pair->key);
    1.404 +			}
    1.405 +		}
    1.406  		if (pair->key == 13)
    1.407  			m = atoi(pair->value);
    1.408  		l = l->next;
    1.409 @@ -2152,10 +2307,20 @@
    1.410  		struct yahoo_pair *pair = l->data;
    1.411  		switch (pair->key) {
    1.412  		case 0:
    1.413 -			who = pair->value;
    1.414 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    1.415 +				who = pair->value;
    1.416 +			} else {
    1.417 +				purple_debug_warning("yahoo", "yahoo_process_ignore "
    1.418 +						"got non-UTF-8 string for key %d\n", pair->key);
    1.419 +			}
    1.420  			break;
    1.421  		case 1:
    1.422 -			me = pair->value;
    1.423 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    1.424 +				me = pair->value;
    1.425 +			} else {
    1.426 +				purple_debug_warning("yahoo", "yahoo_process_ignore "
    1.427 +						"got non-UTF-8 string for key %d\n", pair->key);
    1.428 +			}
    1.429  			break;
    1.430  		case 13:
    1.431  			/* 1 == ignore, 2 == unignore */
    1.432 @@ -2224,8 +2389,14 @@
    1.433  
    1.434  		if (pair->key == 66)
    1.435  			err = strtol(pair->value, NULL, 10);
    1.436 -		else if (pair->key == 20)
    1.437 -			url = pair->value;
    1.438 +		else if (pair->key == 20) {
    1.439 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    1.440 +				url = pair->value;
    1.441 +			} else {
    1.442 +				purple_debug_warning("yahoo", "yahoo_process_authresp "
    1.443 +						"got non-UTF-8 string for key %d\n", pair->key);
    1.444 +			}
    1.445 +		}
    1.446  
    1.447  		l = l->next;
    1.448  	}
    1.449 @@ -2313,7 +2484,12 @@
    1.450  			err = strtol(pair->value, NULL, 10);
    1.451  			break;
    1.452  		case 7:
    1.453 -			temp = pair->value;
    1.454 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    1.455 +				temp = pair->value;
    1.456 +			} else {
    1.457 +				purple_debug_warning("yahoo", "yahoo_process_addbuddy "
    1.458 +						"got non-UTF-8 string for key %d\n", pair->key);
    1.459 +			}
    1.460  			break;
    1.461  		case 65:
    1.462  			group = pair->value;
    1.463 @@ -2470,11 +2646,16 @@
    1.464  
    1.465  		switch (pair->key) {
    1.466  		case 4:
    1.467 -			who = pair->value;
    1.468 -			if(strncmp(who, p2p_data->host_username, strlen(p2p_data->host_username)) != 0) {
    1.469 -				/* from whom are we receiving the packets ?? */
    1.470 -				purple_debug_warning("yahoo","p2p: received data from wrong user\n");
    1.471 -				return;
    1.472 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    1.473 +				who = pair->value;
    1.474 +				if(strncmp(who, p2p_data->host_username, strlen(p2p_data->host_username)) != 0) {
    1.475 +					/* from whom are we receiving the packets ?? */
    1.476 +					purple_debug_warning("yahoo","p2p: received data from wrong user\n");
    1.477 +					return;
    1.478 +				}
    1.479 +			} else {
    1.480 +				purple_debug_warning("yahoo", "yahoo_p2p_process_p2pfilexfer "
    1.481 +						"got non-UTF-8 string for key %d\n", pair->key);
    1.482  			}
    1.483  			break;
    1.484  		case 13:
    1.485 @@ -2863,15 +3044,25 @@
    1.486  			/* our identity */
    1.487  			break;
    1.488  		case 4:
    1.489 -			who = pair->value;
    1.490 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    1.491 +				who = pair->value;
    1.492 +			} else {
    1.493 +				purple_debug_warning("yahoo", "yahoo_process_p2p "
    1.494 +						"got non-UTF-8 string for key %d\n", pair->key);
    1.495 +			}
    1.496  			break;
    1.497  		case 1:
    1.498  			/* who again, the master identity this time? */
    1.499  			break;
    1.500  		case 12:
    1.501 -			base64 = pair->value;
    1.502 -			/* so, this is an ip address. in base64. decoded it's in ascii.
    1.503 -			   after strtol, it's in reversed byte order. Who thought this up?*/
    1.504 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    1.505 +				base64 = pair->value;
    1.506 +				/* so, this is an ip address. in base64. decoded it's in ascii.
    1.507 +				   after strtol, it's in reversed byte order. Who thought this up?*/
    1.508 +			} else {
    1.509 +				purple_debug_warning("yahoo", "yahoo_process_p2p "
    1.510 +						"got non-UTF-8 string for key %d\n", pair->key);
    1.511 +			}
    1.512  			break;
    1.513  		case 13:
    1.514  			val_13 = strtol(pair->value, NULL, 10);
    1.515 @@ -2960,7 +3151,12 @@
    1.516  
    1.517  		switch (pair->key) {
    1.518  		case 4:
    1.519 -			who = pair->value;
    1.520 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    1.521 +				who = pair->value;
    1.522 +			} else {
    1.523 +				purple_debug_warning("yahoo", "yahoo_process_audible "
    1.524 +						"got non-UTF-8 string for key %d\n", pair->key);
    1.525 +			}
    1.526  			break;
    1.527  		case 5:
    1.528  			/* us */
    1.529 @@ -2968,11 +3164,21 @@
    1.530  		case 230:
    1.531  			/* the audible, in foo.locale.bar.baz format
    1.532  			   eg: base.tw.smiley.smiley43 */
    1.533 -			id = pair->value;
    1.534 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    1.535 +				id = pair->value;
    1.536 +			} else {
    1.537 +				purple_debug_warning("yahoo", "yahoo_process_audible "
    1.538 +						"got non-UTF-8 string for key %d\n", pair->key);
    1.539 +			}
    1.540  			break;
    1.541  		case 231:
    1.542  			/* the text of the audible */
    1.543 -			msg = pair->value;
    1.544 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    1.545 +				msg = pair->value;
    1.546 +			} else {
    1.547 +				purple_debug_warning("yahoo", "yahoo_process_audible "
    1.548 +						"got non-UTF-8 string for key %d\n", pair->key);
    1.549 +			}
    1.550  			break;
    1.551  		case 232:
    1.552  			/* SHA-1 hash of audible SWF file (eg: 4e8691499d9c0fb8374478ff9720f4a9ea4a4915) */
      2.1 --- a/libpurple/protocols/yahoo/yahoo_aliases.c
      2.2 +++ b/libpurple/protocols/yahoo/yahoo_aliases.c
      2.3 @@ -696,8 +696,14 @@
      2.4  		struct yahoo_pair *pair = l->data;
      2.5  		switch (pair->key) {
      2.6  			case 4:
      2.7 -				who = pair->value;	/* This is the person who sent us the details.
      2.8 -									   But not necessarily about himself. */
      2.9 +				if (g_utf8_validate(pair->value, -1, NULL)) {
     2.10 +					/* This is the person who sent us the details.
     2.11 +					   But not necessarily about himself. */
     2.12 +					who = pair->value;
     2.13 +				} else {
     2.14 +					purple_debug_warning("yahoo", "yahoo_process_contact_details "
     2.15 +							"got non-UTF-8 string for key %d\n", pair->key);
     2.16 +				}
     2.17  				break;
     2.18  			case 5:
     2.19  				break;
     2.20 @@ -709,8 +715,13 @@
     2.21  				   and look into the xml instead to see who the information is about. */
     2.22  				break;
     2.23  			case 280:
     2.24 -				xml = pair->value;
     2.25 -				parse_contact_details(yd, who, xml);
     2.26 +				if (g_utf8_validate(pair->value, -1, NULL)) {
     2.27 +					xml = pair->value;
     2.28 +					parse_contact_details(yd, who, xml);
     2.29 +				} else {
     2.30 +					purple_debug_warning("yahoo", "yahoo_process_contact_details "
     2.31 +							"got non-UTF-8 string for key %d\n", pair->key);
     2.32 +				}
     2.33  				break;
     2.34  		}
     2.35  	}
      3.1 --- a/libpurple/protocols/yahoo/yahoo_filexfer.c
      3.2 +++ b/libpurple/protocols/yahoo/yahoo_filexfer.c
      3.3 @@ -749,25 +749,60 @@
      3.4  
      3.5  		switch(pair->key) {
      3.6  		case 5:         /* Get who the packet is for */
      3.7 -			me = pair->value;
      3.8 +			if (g_utf8_validate(pair->value, -1, NULL)) {
      3.9 +				me = pair->value;
     3.10 +			} else {
     3.11 +				purple_debug_warning("yahoo", "yahoo_process_p2pfilexfer "
     3.12 +						"got non-UTF-8 string for key %d\n", pair->key);
     3.13 +			}
     3.14  			break;
     3.15  		case 4:         /* Get who the packet is from */
     3.16 -			from = pair->value;
     3.17 +			if (g_utf8_validate(pair->value, -1, NULL)) {
     3.18 +				from = pair->value;
     3.19 +			} else {
     3.20 +				purple_debug_warning("yahoo", "yahoo_process_p2pfilexfer "
     3.21 +						"got non-UTF-8 string for key %d\n", pair->key);
     3.22 +			}
     3.23  			break;
     3.24  		case 49:        /* Get the type of service */
     3.25 -			service = pair->value;
     3.26 +			if (g_utf8_validate(pair->value, -1, NULL)) {
     3.27 +				service = pair->value;
     3.28 +			} else {
     3.29 +				purple_debug_warning("yahoo", "yahoo_process_p2pfilexfer "
     3.30 +						"got non-UTF-8 string for key %d\n", pair->key);
     3.31 +			}
     3.32  			break;
     3.33  		case 14:        /* Get the 'message' of the packet */
     3.34 -			message = pair->value;
     3.35 +			if (g_utf8_validate(pair->value, -1, NULL)) {
     3.36 +				message = pair->value;
     3.37 +			} else {
     3.38 +				purple_debug_warning("yahoo", "yahoo_process_p2pfilexfer "
     3.39 +						"got non-UTF-8 string for key %d\n", pair->key);
     3.40 +			}
     3.41  			break;
     3.42  		case 13:        /* Get the command associated with this packet */
     3.43 -			command = pair->value;
     3.44 +			if (g_utf8_validate(pair->value, -1, NULL)) {
     3.45 +				command = pair->value;
     3.46 +			} else {
     3.47 +				purple_debug_warning("yahoo", "yahoo_process_p2pfilexfer "
     3.48 +						"got non-UTF-8 string for key %d\n", pair->key);
     3.49 +			}
     3.50  			break;
     3.51  		case 63:        /* IMVironment name and version */
     3.52 -			imv = pair->value;
     3.53 +			if (g_utf8_validate(pair->value, -1, NULL)) {
     3.54 +				imv = pair->value;
     3.55 +			} else {
     3.56 +				purple_debug_warning("yahoo", "yahoo_process_p2pfilexfer "
     3.57 +						"got non-UTF-8 string for key %d\n", pair->key);
     3.58 +			}
     3.59  			break;
     3.60  		case 64:        /* Not sure, but it does vary with initialization of Doodle */
     3.61 -			unknown = pair->value; /* So, I'll keep it (for a little while atleast) */
     3.62 +			if (g_utf8_validate(pair->value, -1, NULL)) {
     3.63 +				unknown = pair->value; /* So, I'll keep it (for a little while atleast) */
     3.64 +			} else {
     3.65 +				purple_debug_warning("yahoo", "yahoo_process_p2pfilexfer "
     3.66 +						"got non-UTF-8 string for key %d\n", pair->key);
     3.67 +			}
     3.68  			break;
     3.69  		}
     3.70  
     3.71 @@ -813,16 +848,36 @@
     3.72  
     3.73  		switch (pair->key) {
     3.74  		case 4:
     3.75 -			from = pair->value;
     3.76 +			if (g_utf8_validate(pair->value, -1, NULL)) {
     3.77 +				from = pair->value;
     3.78 +			} else {
     3.79 +				purple_debug_warning("yahoo", "yahoo_process_filetransfer "
     3.80 +						"got non-UTF-8 string for key %d\n", pair->key);
     3.81 +			}
     3.82  			break;
     3.83  		case 5:
     3.84 -			to = pair->value;
     3.85 +			if (g_utf8_validate(pair->value, -1, NULL)) {
     3.86 +				to = pair->value;
     3.87 +			} else {
     3.88 +				purple_debug_warning("yahoo", "yahoo_process_filetransfer "
     3.89 +						"got non-UTF-8 string for key %d\n", pair->key);
     3.90 +			}
     3.91  			break;
     3.92  		case 14:
     3.93 -			msg = pair->value;
     3.94 +			if (g_utf8_validate(pair->value, -1, NULL)) {
     3.95 +				msg = pair->value;
     3.96 +			} else {
     3.97 +				purple_debug_warning("yahoo", "yahoo_process_filetransfer "
     3.98 +						"got non-UTF-8 string for key %d\n", pair->key);
     3.99 +			}
    3.100  			break;
    3.101  		case 20:
    3.102 -			url = pair->value;
    3.103 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    3.104 +				url = pair->value;
    3.105 +			} else {
    3.106 +				purple_debug_warning("yahoo", "yahoo_process_filetransfer "
    3.107 +						"got non-UTF-8 string for key %d\n", pair->key);
    3.108 +			}
    3.109  			break;
    3.110  		case 38:
    3.111  			expires = strtol(pair->value, NULL, 10);
    3.112 @@ -834,10 +889,20 @@
    3.113  			filesize = atol(pair->value);
    3.114  			break;
    3.115  		case 49:
    3.116 -			service = pair->value;
    3.117 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    3.118 +				service = pair->value;
    3.119 +			} else {
    3.120 +				purple_debug_warning("yahoo", "yahoo_process_filetransfer "
    3.121 +						"got non-UTF-8 string for key %d\n", pair->key);
    3.122 +			}
    3.123  			break;
    3.124  		case 63:
    3.125 -			imv = pair->value;
    3.126 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    3.127 +				imv = pair->value;
    3.128 +			} else {
    3.129 +				purple_debug_warning("yahoo", "yahoo_process_filetransfer "
    3.130 +						"got non-UTF-8 string for key %d\n", pair->key);
    3.131 +			}
    3.132  			break;
    3.133  		}
    3.134  	}
    3.135 @@ -1616,20 +1681,40 @@
    3.136  
    3.137  		switch (pair->key) {
    3.138  		case 4:
    3.139 -			from = pair->value;
    3.140 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    3.141 +				from = pair->value;
    3.142 +			} else {
    3.143 +				purple_debug_warning("yahoo", "yahoo_process_filetrans_15 "
    3.144 +						"got non-UTF-8 string for key %d\n", pair->key);
    3.145 +			}
    3.146  			break;
    3.147  		case 5:
    3.148 -			to = pair->value;
    3.149 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    3.150 +				to = pair->value;
    3.151 +			} else {
    3.152 +				purple_debug_warning("yahoo", "yahoo_process_filetrans_15 "
    3.153 +						"got non-UTF-8 string for key %d\n", pair->key);
    3.154 +			}
    3.155  			break;
    3.156  		case 265:
    3.157 -			xfer_peer_idstring = pair->value;
    3.158 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    3.159 +				xfer_peer_idstring = pair->value;
    3.160 +			} else {
    3.161 +				purple_debug_warning("yahoo", "yahoo_process_filetrans_15 "
    3.162 +						"got non-UTF-8 string for key %d\n", pair->key);
    3.163 +			}
    3.164  			break;
    3.165  		case 27:
    3.166  			filename_list = g_slist_prepend(filename_list, g_strdup(pair->value));
    3.167  			nooffiles++;
    3.168  			break;
    3.169  		case 28:
    3.170 -			size_list = g_slist_prepend(size_list, g_strdup(pair->value));
    3.171 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    3.172 +				size_list = g_slist_prepend(size_list, g_strdup(pair->value));
    3.173 +			} else {
    3.174 +				purple_debug_warning("yahoo", "yahoo_process_filetrans_15 "
    3.175 +						"got non-UTF-8 string for key %d\n", pair->key);
    3.176 +			}
    3.177  			break;
    3.178  		case 222:
    3.179  			val_222 = atol(pair->value);
    3.180 @@ -1638,10 +1723,20 @@
    3.181  
    3.182  		/* check for p2p and imviron .... not sure it comes by this service packet. Since it was bundled with filexfer in old ymsg version, still keeping it. */
    3.183  		case 49:
    3.184 -			service = pair->value;
    3.185 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    3.186 +				service = pair->value;
    3.187 +			} else {
    3.188 +				purple_debug_warning("yahoo", "yahoo_process_filetrans_15 "
    3.189 +						"got non-UTF-8 string for key %d\n", pair->key);
    3.190 +			}
    3.191  			break;
    3.192  		case 63:
    3.193 -			imv = pair->value;
    3.194 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    3.195 +				imv = pair->value;
    3.196 +			} else {
    3.197 +				purple_debug_warning("yahoo", "yahoo_process_filetrans_15 "
    3.198 +						"got non-UTF-8 string for key %d\n", pair->key);
    3.199 +			}
    3.200  			break;
    3.201  		/* end check */
    3.202  
    3.203 @@ -1803,7 +1898,12 @@
    3.204  			to = pair->value;
    3.205  			break;
    3.206  		case 265:
    3.207 -			xfer_peer_idstring = pair->value;
    3.208 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    3.209 +				xfer_peer_idstring = pair->value;
    3.210 +			} else {
    3.211 +				purple_debug_warning("yahoo", "yahoo_process_filetrans_info_15 "
    3.212 +						"got non-UTF-8 string for key %d\n", pair->key);
    3.213 +			}
    3.214  			break;
    3.215  		case 27:
    3.216  			filename = pair->value;
    3.217 @@ -1816,10 +1916,20 @@
    3.218  			/* 249 has value 1 or 2 when doing p2p transfer and value 3 when relaying through yahoo server */
    3.219  			break;
    3.220  		case 250:
    3.221 -			url = pair->value;
    3.222 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    3.223 +				url = pair->value;
    3.224 +			} else {
    3.225 +				purple_debug_warning("yahoo", "yahoo_process_filetrans_info_15 "
    3.226 +						"got non-UTF-8 string for key %d\n", pair->key);
    3.227 +			}
    3.228  			break;
    3.229  		case 251:
    3.230 -			xfer_idstring_for_relay = pair->value;
    3.231 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    3.232 +				xfer_idstring_for_relay = pair->value;
    3.233 +			} else {
    3.234 +				purple_debug_warning("yahoo", "yahoo_process_filetrans_info_15 "
    3.235 +						"got non-UTF-8 string for key %d\n", pair->key);
    3.236 +			}
    3.237  			break;
    3.238  		}
    3.239  	}
    3.240 @@ -1902,10 +2012,20 @@
    3.241  
    3.242  		switch (pair->key) {
    3.243  		case 251:
    3.244 -			xfer_idstring_for_relay = pair->value;
    3.245 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    3.246 +				xfer_idstring_for_relay = pair->value;
    3.247 +			} else {
    3.248 +				purple_debug_warning("yahoo", "yahoo_process_filetrans_acc_15 "
    3.249 +						"got non-UTF-8 string for key %d\n", pair->key);
    3.250 +			}
    3.251  			break;
    3.252  		case 265:
    3.253 -			xfer_peer_idstring = pair->value;
    3.254 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    3.255 +				xfer_peer_idstring = pair->value;
    3.256 +			} else {
    3.257 +				purple_debug_warning("yahoo", "yahoo_process_filetrans_acc_15 "
    3.258 +						"got non-UTF-8 string for key %d\n", pair->key);
    3.259 +			}
    3.260  			break;
    3.261  		case 66:
    3.262  			val_66 = atol(pair->value);
    3.263 @@ -1914,7 +2034,13 @@
    3.264  			val_249 = atol(pair->value);
    3.265  			break;
    3.266  		case 250:
    3.267 -			url = pair->value;	/* we get a p2p url here when sending file, connected as client */
    3.268 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    3.269 +				/* we get a p2p url here when sending file, connected as client */
    3.270 +				url = pair->value;
    3.271 +			} else {
    3.272 +				purple_debug_warning("yahoo", "yahoo_process_filetrans_acc_15 "
    3.273 +						"got non-UTF-8 string for key %d\n", pair->key);
    3.274 +			}
    3.275  			break;
    3.276  		}
    3.277  	}
      4.1 --- a/libpurple/protocols/yahoo/yahoo_friend.c
      4.2 +++ b/libpurple/protocols/yahoo/yahoo_friend.c
      4.3 @@ -158,7 +158,12 @@
      4.4  
      4.5  		switch (pair->key) {
      4.6  			case 7:
      4.7 -				temp = pair->value;
      4.8 +				if (g_utf8_validate(pair->value, -1, NULL)) {
      4.9 +					temp = pair->value;
     4.10 +				} else {
     4.11 +					purple_debug_warning("yahoo", "yahoo_process_presence "
     4.12 +							"got non-UTF-8 string for key %d\n", pair->key);
     4.13 +				}
     4.14  				break;
     4.15  			case 31:
     4.16  				value = strtol(pair->value, NULL, 10);
      5.1 --- a/libpurple/protocols/yahoo/yahoo_picture.c
      5.2 +++ b/libpurple/protocols/yahoo/yahoo_picture.c
      5.3 @@ -84,10 +84,20 @@
      5.4  		switch (pair->key) {
      5.5  		case 1:
      5.6  		case 4:
      5.7 -			who = pair->value;
      5.8 +			if (g_utf8_validate(pair->value, -1, NULL)) {
      5.9 +				who = pair->value;
     5.10 +			} else {
     5.11 +				purple_debug_warning("yahoo", "yahoo_process_picture "
     5.12 +						"got non-UTF-8 string for key %d\n", pair->key);
     5.13 +			}
     5.14  			break;
     5.15  		case 5:
     5.16 -			us = pair->value;
     5.17 +			if (g_utf8_validate(pair->value, -1, NULL)) {
     5.18 +				us = pair->value;
     5.19 +			} else {
     5.20 +				purple_debug_warning("yahoo", "yahoo_process_picture "
     5.21 +						"got non-UTF-8 string for key %d\n", pair->key);
     5.22 +			}
     5.23  			break;
     5.24  		case 13: {
     5.25  				int tmp;
     5.26 @@ -100,7 +110,12 @@
     5.27  				break;
     5.28  			}
     5.29  		case 20:
     5.30 -			url = pair->value;
     5.31 +			if (g_utf8_validate(pair->value, -1, NULL)) {
     5.32 +				url = pair->value;
     5.33 +			} else {
     5.34 +				purple_debug_warning("yahoo", "yahoo_process_picture "
     5.35 +						"got non-UTF-8 string for key %d\n", pair->key);
     5.36 +			}
     5.37  			break;
     5.38  		case 192:
     5.39  			checksum = strtol(pair->value, NULL, 10);
     5.40 @@ -154,7 +169,12 @@
     5.41  
     5.42  		switch (pair->key) {
     5.43  		case 4:
     5.44 -			who = pair->value;
     5.45 +			if (g_utf8_validate(pair->value, -1, NULL)) {
     5.46 +				who = pair->value;
     5.47 +			} else {
     5.48 +				purple_debug_warning("yahoo", "yahoo_process_picture_checksum "
     5.49 +						"got non-UTF-8 string for key %d\n", pair->key);
     5.50 +			}
     5.51  			break;
     5.52  		case 5:
     5.53  			/* us */
     5.54 @@ -197,7 +217,12 @@
     5.55  			/* filename on our computer. */
     5.56  			break;
     5.57  		case 20: /* url at yahoo */
     5.58 -			url = pair->value;
     5.59 +			if (g_utf8_validate(pair->value, -1, NULL)) {
     5.60 +				url = pair->value;
     5.61 +			} else {
     5.62 +				purple_debug_warning("yahoo", "yahoo_process_picture_upload "
     5.63 +						"got non-UTF-8 string for key %d\n", pair->key);
     5.64 +			}
     5.65  		case 38: /* timestamp */
     5.66  			break;
     5.67  		}
     5.68 @@ -225,7 +250,12 @@
     5.69  
     5.70  		switch (pair->key) {
     5.71  		case 4:
     5.72 -			who = pair->value;
     5.73 +			if (g_utf8_validate(pair->value, -1, NULL)) {
     5.74 +				who = pair->value;
     5.75 +			} else {
     5.76 +				purple_debug_warning("yahoo", "yahoo_process_avatar_upload "
     5.77 +						"got non-UTF-8 string for key %d\n", pair->key);
     5.78 +			}
     5.79  			break;
     5.80  		case 5:
     5.81  			/* us */
      6.1 --- a/libpurple/protocols/yahoo/yahoochat.c
      6.2 +++ b/libpurple/protocols/yahoo/yahoochat.c
      6.3 @@ -156,15 +156,25 @@
      6.4  			room = yahoo_string_decode(gc, pair->value, FALSE);
      6.5  			break;
      6.6  		case 50: /* inviter */
      6.7 -			who = pair->value;
      6.8 -			g_string_append_printf(members, "%s\n", who);
      6.9 +			if (g_utf8_validate(pair->value, -1, NULL)) {
     6.10 +				who = pair->value;
     6.11 +				g_string_append_printf(members, "%s\n", who);
     6.12 +			} else {
     6.13 +				purple_debug_warning("yahoo", "yahoo_process_conference_invite "
     6.14 +						"got non-UTF-8 string for key %d\n", pair->key);
     6.15 +			}
     6.16  			break;
     6.17  		case 51: /* This user is being invited to the conference. Comes with status = 11, so we wont reach here */
     6.18  			break;
     6.19  		case 52: /* Invited users. Assuming us invited, since we got this packet */
     6.20  			break; /* break needed, or else we add the users to the conference before they accept the invitation */
     6.21  		case 53: /* members who have already joined the conference */
     6.22 -			g_string_append_printf(members, "%s\n", pair->value);
     6.23 +			if (g_utf8_validate(pair->value, -1, NULL)) {
     6.24 +				g_string_append_printf(members, "%s\n", pair->value);
     6.25 +			} else {
     6.26 +				purple_debug_warning("yahoo", "yahoo_process_conference_invite "
     6.27 +						"got non-UTF-8 string for key %d\n", pair->key);
     6.28 +			}
     6.29  			break;
     6.30  		case 58:
     6.31  			g_free(msg);
     6.32 @@ -220,7 +230,12 @@
     6.33  			room = yahoo_string_decode(gc, pair->value, FALSE);
     6.34  			break;
     6.35  		case 54:
     6.36 -			who = pair->value;
     6.37 +			if (g_utf8_validate(pair->value, -1, NULL)) {
     6.38 +				who = pair->value;
     6.39 +			} else {
     6.40 +				purple_debug_warning("yahoo", "yahoo_process_conference_decline "
     6.41 +						"got non-UTF-8 string for key %d\n", pair->key);
     6.42 +			}
     6.43  			break;
     6.44  		case 14:
     6.45  			g_free(msg);
     6.46 @@ -277,7 +292,12 @@
     6.47  			room = yahoo_string_decode(gc, pair->value, FALSE);
     6.48  			break;
     6.49  		case 53:
     6.50 -			who = pair->value;
     6.51 +			if (g_utf8_validate(pair->value, -1, NULL)) {
     6.52 +				who = pair->value;
     6.53 +			} else {
     6.54 +				purple_debug_warning("yahoo", "yahoo_process_conference_logon "
     6.55 +						"got non-UTF-8 string for key %d\n", pair->key);
     6.56 +			}
     6.57  			break;
     6.58  		}
     6.59  	}
     6.60 @@ -309,7 +329,12 @@
     6.61  			room = yahoo_string_decode(gc, pair->value, FALSE);
     6.62  			break;
     6.63  		case 56:
     6.64 -			who = pair->value;
     6.65 +			if (g_utf8_validate(pair->value, -1, NULL)) {
     6.66 +				who = pair->value;
     6.67 +			} else {
     6.68 +				purple_debug_warning("yahoo", "yahoo_process_conference_logoff "
     6.69 +						"got non-UTF-8 string for key %d\n", pair->key);
     6.70 +			}
     6.71  			break;
     6.72  		}
     6.73  	}
     6.74 @@ -340,7 +365,12 @@
     6.75  			room = yahoo_string_decode(gc, pair->value, FALSE);
     6.76  			break;
     6.77  		case 3:
     6.78 -			who = pair->value;
     6.79 +			if (g_utf8_validate(pair->value, -1, NULL)) {
     6.80 +				who = pair->value;
     6.81 +			} else {
     6.82 +				purple_debug_warning("yahoo", "yahoo_process_conference_message "
     6.83 +						"got non-UTF-8 string for key %d\n", pair->key);
     6.84 +			}
     6.85  			break;
     6.86  		case 14:
     6.87  			msg = pair->value;
     6.88 @@ -506,18 +536,38 @@
     6.89  			topic = yahoo_string_decode(gc, pair->value, TRUE);
     6.90  			break;
     6.91  		case 128:
     6.92 -			someid = pair->value;
     6.93 +			if (g_utf8_validate(pair->value, -1, NULL)) {
     6.94 +				someid = pair->value;
     6.95 +			} else {
     6.96 +				purple_debug_warning("yahoo", "yahoo_process_chat_join "
     6.97 +						"got non-UTF-8 string for key %d\n", pair->key);
     6.98 +			}
     6.99  			break;
    6.100  		case 108: /* number of joiners */
    6.101  			break;
    6.102  		case 129:
    6.103 -			someotherid = pair->value;
    6.104 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    6.105 +				someotherid = pair->value;
    6.106 +			} else {
    6.107 +				purple_debug_warning("yahoo", "yahoo_process_chat_join "
    6.108 +						"got non-UTF-8 string for key %d\n", pair->key);
    6.109 +			}
    6.110  			break;
    6.111  		case 130:
    6.112 -			somebase64orhashosomething = pair->value;
    6.113 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    6.114 +				somebase64orhashosomething = pair->value;
    6.115 +			} else {
    6.116 +				purple_debug_warning("yahoo", "yahoo_process_chat_join "
    6.117 +						"got non-UTF-8 string for key %d\n", pair->key);
    6.118 +			}
    6.119  			break;
    6.120  		case 126:
    6.121 -			somenegativenumber = pair->value;
    6.122 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    6.123 +				somenegativenumber = pair->value;
    6.124 +			} else {
    6.125 +				purple_debug_warning("yahoo", "yahoo_process_chat_join "
    6.126 +						"got non-UTF-8 string for key %d\n", pair->key);
    6.127 +			}
    6.128  			break;
    6.129  		case 13: /* this is 1. maybe its the type of room? (normal, user created, private, etc?) */
    6.130  			break;
    6.131 @@ -528,7 +578,12 @@
    6.132  		   info about individual room members, (including us) */
    6.133  
    6.134  		case 109: /* the yahoo id */
    6.135 -			members = g_list_append(members, pair->value);
    6.136 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    6.137 +				members = g_list_append(members, pair->value);
    6.138 +			} else {
    6.139 +				purple_debug_warning("yahoo", "yahoo_process_chat_join "
    6.140 +						"got non-UTF-8 string for key %d\n", pair->key);
    6.141 +			}
    6.142  			break;
    6.143  		case 110: /* age */
    6.144  			break;
    6.145 @@ -625,8 +680,14 @@
    6.146  			g_free(room);
    6.147  			room = yahoo_string_decode(gc, pair->value, TRUE);
    6.148  		}
    6.149 -		if (pair->key == 109)
    6.150 -			who = pair->value;
    6.151 +		if (pair->key == 109) {
    6.152 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    6.153 +				who = pair->value;
    6.154 +			} else {
    6.155 +				purple_debug_warning("yahoo", "yahoo_process_chat_exit "
    6.156 +						"got non-UTF-8 string for key %d\n", pair->key);
    6.157 +			}
    6.158 +		}
    6.159  	}
    6.160  
    6.161  	if (who && room) {
    6.162 @@ -658,10 +719,20 @@
    6.163  			room = yahoo_string_decode(gc, pair->value, TRUE);
    6.164  			break;
    6.165  		case 109:
    6.166 -			who = pair->value;
    6.167 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    6.168 +				who = pair->value;
    6.169 +			} else {
    6.170 +				purple_debug_warning("yahoo", "yahoo_process_chat_message "
    6.171 +						"got non-UTF-8 string for key %d\n", pair->key);
    6.172 +			}
    6.173  			break;
    6.174  		case 117:
    6.175 -			msg = pair->value;
    6.176 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    6.177 +				msg = pair->value;
    6.178 +			} else {
    6.179 +				purple_debug_warning("yahoo", "yahoo_process_chat_message "
    6.180 +						"got non-UTF-8 string for key %d\n", pair->key);
    6.181 +			}
    6.182  			break;
    6.183  		case 124:
    6.184  			msgtype = strtol(pair->value, NULL, 10);
    6.185 @@ -724,7 +795,12 @@
    6.186  			msg = yahoo_string_decode(gc, pair->value, FALSE);
    6.187  			break;
    6.188  		case 119:
    6.189 -			who = pair->value;
    6.190 +			if (g_utf8_validate(pair->value, -1, NULL)) {
    6.191 +				who = pair->value;
    6.192 +			} else {
    6.193 +				purple_debug_warning("yahoo", "yahoo_process_chat_addinvite "
    6.194 +						"got non-UTF-8 string for key %d\n", pair->key);
    6.195 +			}
    6.196  			break;
    6.197  		case 118: /* us */
    6.198  			break;