Index: pidgin-2.7.9/libpurple/protocols/oscar/family_feedbag.c
===================================================================
--- pidgin-2.7.9.orig/libpurple/protocols/oscar/family_feedbag.c
+++ pidgin-2.7.9/libpurple/protocols/oscar/family_feedbag.c
@@ -1648,18 +1648,35 @@ static int receiveauthrequest(OscarData
int ret = 0;
aim_rxcallback_t userfunc;
guint16 tmp;
- char *bn, *msg;
+ char *bn, *msg, *tmpstr;
/* Read buddy name */
- if ((tmp = byte_stream_get8(bs)))
- bn = byte_stream_getstr(bs, tmp);
- else
- bn = NULL;
+ tmp = byte_stream_get8(bs);
+ if (!tmp) {
+ purple_debug_warning("oscar", "Dropping auth grant SNAC "
+ "because username was empty\n");
+ return 0;
+ }
+ bn = byte_stream_getstr(bs, tmp);
+ if (!g_utf8_validate(bn, -1, NULL)) {
+ purple_debug_warning("oscar", "Dropping auth grant SNAC "
+ "because the username was not valid UTF-8\n");
+ g_free(bn);
+ }
- /* Read message (null terminated) */
- if ((tmp = byte_stream_get16(bs)))
+ /* Read message */
+ tmp = byte_stream_get16(bs);
+ if (tmp) {
msg = byte_stream_getstr(bs, tmp);
- else
+ if (!g_utf8_validate(msg, -1, NULL)) {
+ /* Ugh, msg isn't UTF8. Let's salvage. */
+ purple_debug_warning("oscar", "Got non-UTF8 message in auth "
+ "grant from %s\n", bn);
+ tmpstr = purple_utf8_salvage(msg);
+ g_free(msg);
+ msg = tmpstr;
+ }
+ } else
msg = NULL;
/* Unknown */
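Review bot: The invalid-UTF-8 branch after `bn = byte_stream_getstr(bs, tmp);` frees `bn` but does not leave the function, so the freed buffer is still used as the `%s` argument of the "Got non-UTF8 message in auth grant from" warning and, presumably, handed to the callback further down — a use-after-free triggered by a remote SNAC. The empty-username branch directly above returns 0 after its warning; this branch needs the same `return 0;` after `g_free(bn);`. Whether `byte_stream_getstr` bounds `tmp` against the bytes remaining in `bs` is not visible here and is worth confirming, since `tmp` comes straight off the wire. The body of receiveauthrequest continues past the end of this hunk.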
@@ -1732,21 +1749,38 @@ static int receiveauthreply(OscarData *o
aim_rxcallback_t userfunc;
guint16 tmp;
guint8 reply;
- char *bn, *msg;
+ char *bn, *msg, *tmpstr;
/* Read buddy name */
- if ((tmp = byte_stream_get8(bs)))
- bn = byte_stream_getstr(bs, tmp);
- else
- bn = NULL;
+ tmp = byte_stream_get8(bs);
+ if (!tmp) {
+ purple_debug_warning("oscar", "Dropping auth reply SNAC "
+ "because username was empty\n");
+ return 0;
+ }
+ bn = byte_stream_getstr(bs, tmp);
+ if (!g_utf8_validate(bn, -1, NULL)) {
+ purple_debug_warning("oscar", "Dropping auth reply SNAC "
+ "because the username was not valid UTF-8\n");
+ g_free(bn);
+ }
/* Read reply */
reply = byte_stream_get8(bs);
- /* Read message (null terminated) */
- if ((tmp = byte_stream_get16(bs)))
+ /* Read message */
+ tmp = byte_stream_get16(bs);
+ if (tmp) {
msg = byte_stream_getstr(bs, tmp);
- else
+ if (!g_utf8_validate(msg, -1, NULL)) {
+ /* Ugh, msg isn't UTF8. Let's salvage. */
+ purple_debug_warning("oscar", "Got non-UTF8 message in auth "
+ "reply from %s\n", bn);
+ tmpstr = purple_utf8_salvage(msg);
+ g_free(msg);
+ msg = tmpstr;
+ }
+ } else
msg = NULL;
/* Unknown */
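Review bot: The non-UTF-8 username branch in receiveauthreply frees `bn` and then falls through, so the later "Got non-UTF8 message in auth reply from %s" warning and whatever consumes `bn` after the hunk operate on freed memory. Mirror the empty-username branch and add `return 0;` right after `g_free(bn);`. The same omission appears in the other two username checks in this file, so they should be fixed together. receiveauthreply's body continues outside the hunk.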
@@ -1772,10 +1806,18 @@ static int receiveadded(OscarData *od, F
char *bn;
/* Read buddy name */
- if ((tmp = byte_stream_get8(bs)))
- bn = byte_stream_getstr(bs, tmp);
- else
- bn = NULL;
+ tmp = byte_stream_get8(bs);
+ if (!tmp) {
+ purple_debug_warning("oscar", "Dropping 'you were added' SNAC "
+ "because username was empty\n");
+ return 0;
+ }
+ bn = byte_stream_getstr(bs, tmp);
+ if (!g_utf8_validate(bn, -1, NULL)) {
+ purple_debug_warning("oscar", "Dropping 'you were added' SNAC "
+ "because the username was not valid UTF-8\n");
+ g_free(bn);
+ }
if ((userfunc = aim_callhandler(od, snac->family, snac->subtype)))
ret = userfunc(od, conn, frame, bn);
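Review bot: In receiveadded the "username was not valid UTF-8" branch calls `g_free(bn);` without returning, and the very next statement passes the freed `bn` to `userfunc`, which is a use-after-free reachable from a malformed 'you were added' SNAC. Add `return 0;` after `g_free(bn);`, as the empty-username branch above already does. The remainder of the function, including any later free of `bn`, is outside the hunk.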
Index: pidgin-2.7.9/libpurple/protocols/silc/ops.c
===================================================================
--- pidgin-2.7.9.orig/libpurple/protocols/silc/ops.c
+++ pidgin-2.7.9/libpurple/protocols/silc/ops.c
@@ -415,9 +415,16 @@ silc_private_message(SilcClient client,
}
if (flags & SILC_MESSAGE_FLAG_UTF8) {
- tmp = g_markup_escape_text((const char *)message, -1);
+ const char *msg = (const char *)message;
+ char *salvaged = NULL;
+ if (!g_utf8_validate((const char *)message, -1, NULL)) {
+ salvaged = purple_utf8_salvage((const char *)message);
+ msg = salvaged;
+ }
+ tmp = g_markup_escape_text(msg, -1);
/* Send to Purple */
serv_got_im(gc, sender->nickname, tmp, 0, time(NULL));
+ g_free(salvaged);
g_free(tmp);
}
}
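Review bot: The new UTF-8 handling repeats the `(const char *)message` cast three times although `msg` is introduced on the first line for exactly that purpose; using it makes the salvage step read as one substitution: `if (!g_utf8_validate(msg, -1, NULL)) { salvaged = purple_utf8_salvage(msg); msg = salvaged; }`. The ownership is otherwise clear — `salvaged` is released after serv_got_im and the unmodified path leaves it NULL. Whether the non-UTF8-flagged branch of silc_private_message performs any equivalent validation is outside this hunk.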
Index: pidgin-2.7.9/libpurple/protocols/jabber/jingle/jingle.c
===================================================================
--- pidgin-2.7.9.orig/libpurple/protocols/jabber/jingle/jingle.c
+++ pidgin-2.7.9/libpurple/protocols/jabber/jingle/jingle.c
@@ -123,7 +123,7 @@ jingle_handle_content_modify(JingleSessi
if (local_content != NULL) {
const gchar *senders = xmlnode_get_attrib(content, "senders");
gchar *local_senders = jingle_content_get_senders(local_content);
- if (strcmp(senders, local_senders))
+ if (!purple_strequal(senders, local_senders))
jingle_content_modify(local_content, senders);
g_free(local_senders);
} else {
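Review bot: Switching to `purple_strequal` stops the crash when the `senders` attribute is absent, but a NULL `senders` now compares unequal to `local_senders` and is passed on to `jingle_content_modify(local_content, senders)`; whether that function tolerates NULL is not visible here. If a content-modify without `senders` should be ignored rather than applied, guard it explicitly: `if (senders != NULL && !purple_strequal(senders, local_senders))`. jingle_handle_content_modify starts and ends outside the hunk.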
Index: pidgin-2.7.9/libpurple/protocols/jabber/jingle/session.c
===================================================================
--- pidgin-2.7.9.orig/libpurple/protocols/jabber/jingle/session.c
+++ pidgin-2.7.9/libpurple/protocols/jabber/jingle/session.c
@@ -284,7 +284,7 @@ jingle_session_create(JabberStream *js,
if (!js->sessions) {
purple_debug_info("jingle",
"Creating hash table for sessions\n");
- js->sessions = g_hash_table_new(g_str_hash, g_str_equal);
+ js->sessions = g_hash_table_new_full(g_str_hash, g_str_equal, g_free, NULL);
}
purple_debug_info("jingle",
"inserting session with key: %s into table\n", sid);
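Review bot: Installing `g_free` as the key destroy function is only correct if the subsequent `g_hash_table_insert` stores a heap copy the table now owns (for example `g_strdup(sid)`) and no other code path frees that key; the insert and the matching removal are outside this hunk, so that should be checked. If the key is a pointer into the session's own data, this introduces a double free when the session is destroyed. A one-line comment at the table creation, such as `/* table owns its key strings; insert g_strdup'd sids only */`, would make the contract explicit for later edits.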
@@ -407,27 +407,25 @@ jingle_add_jingle_packet(JingleSession *
xmlnode_new("jingle");
gchar *local_jid = jingle_session_get_local_jid(session);
gchar *remote_jid = jingle_session_get_remote_jid(session);
+ gchar *sid = jingle_session_get_sid(session);
xmlnode_set_namespace(jingle, JINGLE);
xmlnode_set_attrib(jingle, "action", jingle_get_action_name(action));
if (jingle_session_is_initiator(session)) {
- xmlnode_set_attrib(jingle, "initiator",
- jingle_session_get_local_jid(session));
- xmlnode_set_attrib(jingle, "responder",
- jingle_session_get_remote_jid(session));
+ xmlnode_set_attrib(jingle, "initiator", local_jid);
+ xmlnode_set_attrib(jingle, "responder", remote_jid);
} else {
- xmlnode_set_attrib(jingle, "initiator",
- jingle_session_get_remote_jid(session));
- xmlnode_set_attrib(jingle, "responder",
- jingle_session_get_local_jid(session));
+ xmlnode_set_attrib(jingle, "initiator", remote_jid);
+ xmlnode_set_attrib(jingle, "responder", local_jid);
}
+ xmlnode_set_attrib(jingle, "sid", sid);
+
g_free(local_jid);
g_free(remote_jid);
+ g_free(sid);
- xmlnode_set_attrib(jingle, "sid", jingle_session_get_sid(session));
-
return jingle;
}
@@ -504,11 +502,16 @@ void jingle_session_handle_action(Jingle
JingleContent *
jingle_session_find_content(JingleSession *session, const gchar *name, const gchar *creator)
{
- GList *iter = session->priv->contents;
+ GList *iter;
+
+ if (name == NULL)
+ return NULL;
+
+ iter = session->priv->contents;
for (; iter; iter = g_list_next(iter)) {
JingleContent *content = iter->data;
gchar *cname = jingle_content_get_name(content);
- gboolean result = !strcmp(name, cname);
+ gboolean result = g_str_equal(name, cname);
g_free(cname);
if (creator != NULL) {
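Review bot: The new NULL guard covers `name` but not `cname`: `g_str_equal(name, cname)` dereferences both, so a content whose name is unset (if jingle_content_get_name can return NULL, which is not visible here) still crashes exactly as the old strcmp did. Using the same helper the jingle.c hunk adopts, `gboolean result = purple_strequal(name, cname);`, makes the comparison NULL-safe on both sides and consistent across the patch. The rest of jingle_session_find_content, including the creator comparison, is outside the hunk.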
@@ -526,11 +529,16 @@ jingle_session_find_content(JingleSessio
JingleContent *
jingle_session_find_pending_content(JingleSession *session, const gchar *name, const gchar *creator)
{
- GList *iter = session->priv->pending_contents;
+ GList *iter;
+
+ if (name == NULL)
+ return NULL;
+
+ iter = session->priv->pending_contents;
for (; iter; iter = g_list_next(iter)) {
JingleContent *content = iter->data;
gchar *cname = jingle_content_get_name(content);
- gboolean result = !strcmp(name, cname);
+ gboolean result = g_str_equal(name, cname);
g_free(cname);
if (creator != NULL) {
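Review bot: As in jingle_session_find_content, `g_str_equal(name, cname)` still dereferences `cname`, so only the caller-supplied side is protected by the new guard. Replacing it with `gboolean result = purple_strequal(name, cname);` tolerates a NULL content name as well and matches the helper used elsewhere in this patch. Whether jingle_content_get_name can actually return NULL is not visible in this hunk, and the function's tail is outside it.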
Index: pidgin-2.7.9/libpurple/protocols/jabber/jingle/rtp.c
===================================================================
--- pidgin-2.7.9.orig/libpurple/protocols/jabber/jingle/rtp.c
+++ pidgin-2.7.9/libpurple/protocols/jabber/jingle/rtp.c
@@ -589,6 +589,16 @@ jingle_rtp_init_media(JingleContent *con
senders = jingle_content_get_senders(content);
transport = jingle_content_get_transport(content);
+ if (media_type == NULL) {
+ g_free(name);
+ g_free(remote_jid);
+ g_free(senders);
+ g_free(params);
+ g_object_unref(transport);
+ g_object_unref(session);
+ return FALSE;
+ }
+
if (JINGLE_IS_RAWUDP(transport))
transmitter = "rawudp";
else if (JINGLE_IS_ICEUDP(transport))
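Review bot: The new `media_type == NULL` early return calls `g_free(params)` before `params` is assigned (its assignment from purple_media_codec-related parsing appears later in the function), so this is only safe if `params` is initialized to NULL at its declaration, which is outside the hunk and should be confirmed. If it is not, either initialize it or drop `g_free(params);` from this path. The other freed locals (`name`, `remote_jid`, `senders`, `transport`, `session`) are all obtained before this point and look correctly released.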
@@ -597,17 +607,17 @@ jingle_rtp_init_media(JingleContent *con
transmitter = "notransmitter";
g_object_unref(transport);
- is_audio = !strcmp(media_type, "audio");
+ is_audio = g_str_equal(media_type, "audio");
- if (!strcmp(senders, "both"))
- type = is_audio == TRUE ? PURPLE_MEDIA_AUDIO
+ if (purple_strequal(senders, "both"))
+ type = is_audio ? PURPLE_MEDIA_AUDIO
: PURPLE_MEDIA_VIDEO;
- else if ((strcmp(senders, "initiator") == 0) ==
+ else if (purple_strequal(senders, "initiator") ==
jingle_session_is_initiator(session))
- type = is_audio == TRUE ? PURPLE_MEDIA_SEND_AUDIO
+ type = is_audio ? PURPLE_MEDIA_SEND_AUDIO
: PURPLE_MEDIA_SEND_VIDEO;
else
- type = is_audio == TRUE ? PURPLE_MEDIA_RECV_AUDIO
+ type = is_audio ? PURPLE_MEDIA_RECV_AUDIO
: PURPLE_MEDIA_RECV_VIDEO;
params =
@@ -615,7 +625,17 @@ jingle_rtp_init_media(JingleContent *con
NULL, NULL, &num_params);
creator = jingle_content_get_creator(content);
- if (!strcmp(creator, "initiator"))
+ if (creator == NULL) {
+ g_free(name);
+ g_free(media_type);
+ g_free(remote_jid);
+ g_free(senders);
+ g_free(params);
+ g_object_unref(session);
+ return FALSE;
+ }
+
+ if (g_str_equal(creator, "initiator"))
is_creator = jingle_session_is_initiator(session);
else
is_creator = !jingle_session_is_initiator(session);
@@ -624,6 +644,8 @@ jingle_rtp_init_media(JingleContent *con
if(!purple_media_add_stream(media, name, remote_jid,
type, is_creator, transmitter, num_params, params)) {
purple_media_end(media, NULL, NULL);
+ /* TODO: How much clean-up is necessary here? (does calling
+ purple_media_end lead to cleaning up Jingle structs?) */
return FALSE;
}
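Review bot: The `return FALSE` after `purple_media_end` is reached with `name`, `media_type`, `remote_jid`, `senders` and `params` still alive, whereas the two new early-return paths above free all of them; unless those strings are released before this point (their normal frees are outside the hunk), this path leaks them. The added TODO asks about Jingle structures but should also cover these locals, e.g. `/* TODO: free name/media_type/remote_jid/senders/params here as the early returns do */`. The end of jingle_rtp_init_media is outside the hunk.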
@@ -645,9 +667,22 @@ jingle_rtp_parse_codecs(xmlnode *descrip
const char *encoding_name,*id, *clock_rate;
PurpleMediaCodec *codec;
const gchar *media = xmlnode_get_attrib(description, "media");
- PurpleMediaSessionType type =
- !strcmp(media, "video") ? PURPLE_MEDIA_VIDEO :
- !strcmp(media, "audio") ? PURPLE_MEDIA_AUDIO : 0;
+ PurpleMediaSessionType type;
+
+ if (media == NULL) {
+ purple_debug_warning("jingle-rtp", "missing media type\n");
+ return NULL;
+ }
+
+ if (g_str_equal(media, "video")) {
+ type = PURPLE_MEDIA_VIDEO;
+ } else if (g_str_equal(media, "audio")) {
+ type = PURPLE_MEDIA_AUDIO;
+ } else {
+ purple_debug_warning("jingle-rtp", "unknown media type: %s\n",
+ media);
+ return NULL;
+ }
for (codec_element = xmlnode_get_child(description, "payload-type") ;
codec_element ;
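Review bot: The new checks validate the `media` attribute but the function is still called with `description` taken straight from `xmlnode_get_child(xmlcontent, "description")`, which is NULL when the element is missing; whether xmlnode_get_attrib returns NULL for a NULL node rather than dereferencing it is not visible here. An explicit `if (description == NULL) return NULL;` before the attribute lookup removes the dependency on that behavior. Callers now receive NULL for a missing or unknown media type, which the later purple_media_set_remote_codecs call appears to accept as an empty list, but that is inferred from the hunk at the end of the file rather than shown.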
@@ -768,19 +803,19 @@ jingle_rtp_handle_action_internal(Jingle
switch (action) {
case JINGLE_SESSION_ACCEPT:
case JINGLE_SESSION_INITIATE: {
- JingleSession *session = jingle_content_get_session(content);
- JingleTransport *transport = jingle_transport_parse(
- xmlnode_get_child(xmlcontent, "transport"));
- xmlnode *description = xmlnode_get_child(xmlcontent, "description");
- GList *candidates = jingle_rtp_transport_to_candidates(transport);
- GList *codecs = jingle_rtp_parse_codecs(description);
- gchar *name = jingle_content_get_name(content);
- gchar *remote_jid =
- jingle_session_get_remote_jid(session);
+ JingleSession *session;
+ JingleTransport *transport;
+ xmlnode *description;
+ GList *candidates;
+ GList *codecs;
+ gchar *name;
+ gchar *remote_jid;
PurpleMedia *media;
+ session = jingle_content_get_session(content);
+
if (action == JINGLE_SESSION_INITIATE &&
- jingle_rtp_init_media(content) == FALSE) {
+ !jingle_rtp_init_media(content)) {
/* XXX: send error */
jabber_iq_send(jingle_session_terminate_packet(
session, "general-error"));
@@ -788,6 +823,14 @@ jingle_rtp_handle_action_internal(Jingle
break;
}
+ transport = jingle_transport_parse(
+ xmlnode_get_child(xmlcontent, "transport"));
+ description = xmlnode_get_child(xmlcontent, "description");
+ candidates = jingle_rtp_transport_to_candidates(transport);
+ codecs = jingle_rtp_parse_codecs(description);
+ name = jingle_content_get_name(content);
+ remote_jid = jingle_session_get_remote_jid(session);
+
media = jingle_rtp_get_media(session);
purple_media_set_remote_codecs(media,
name, remote_jid, codecs);
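Review bot: The moved parsing still passes the result of `jingle_transport_parse(xmlnode_get_child(xmlcontent, "transport"))` into `jingle_rtp_transport_to_candidates(transport)` unconditionally, so a content without a `<transport>` child depends on both helpers accepting NULL, which cannot be confirmed from this hunk. A guard such as `if (transport == NULL) { /* XXX: send error */ break; }` between the parse and the candidates call would make the failure explicit and match the error handling the initiate path already has. The release of `transport`, `candidates`, `name` and `remote_jid` happens after the end of this hunk.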
Index: pidgin-2.7.9/libpurple/protocols/yahoo/libymsg.c
===================================================================
--- pidgin-2.7.9.orig/libpurple/protocols/yahoo/libymsg.c
+++ pidgin-2.7.9/libpurple/protocols/yahoo/libymsg.c
@@ -842,7 +842,7 @@ static void yahoo_process_notify(PurpleC
break;
}
- if (*stat == '1')
+ if (stat && *stat == '1')
serv_got_typing(gc, fed_from, 0, PURPLE_TYPING);
else
serv_got_typing_stopped(gc, fed_from);
@@ -864,7 +864,7 @@ static void yahoo_process_notify(PurpleC
yahoo_friend_set_game(f, NULL);
- if (*stat == '1') {
+ if (stat && *stat == '1') {
yahoo_friend_set_game(f, game);
if (bud)
yahoo_update_status(gc, from, f);
@@ -922,6 +922,11 @@ static void yahoo_process_sms_message(Pu
l = l->next;
}
+ if(!sms) {
+ purple_debug_info("yahoo", "Received a malformed SMS packet!\n");
+ return;
+ }
+
if( (pkt->status == -1) || (pkt->status == YAHOO_STATUS_DISCONNECTED) ) {
if (server_msg) {
PurpleConversation *c;
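Review bot: The new `if(!sms)` guard is correct, but it logs a malformed packet with `purple_debug_info` while the rest of this patch reports dropped malformed input via `purple_debug_warning`; the message should use the same level, `purple_debug_warning("yahoo", "Received a malformed SMS packet!\n");`, so such events are visible when only warnings are collected. The spacing `if(!sms)` also differs from the `if (` style used in the surrounding lines. yahoo_process_sms_message continues past the end of the hunk.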