http://security.e-matters.de/advisories/012004.html Thanks to Matthew Luckie for bringing this to my attention.
$OpenBSD: patch-src_util_c,v 1.1 2004/01/27 01:03:54 brad Exp $
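--- src/util.c.orig 2004-01-09 23:04:56.000000000 -0500
+++ src/util.c 2004-01-26 14:51:51.000000000 -0500
@@ -247,24 +247,71 @@ gaim_base64_decode(const char *text, cha
 /**************************************************************************
 * Quoted Printable Functions
 **************************************************************************/
-void
-gaim_quotedp_decode(const char *str, char **ret_str, int *ret_len)
+static void hex(const char **p, const char *end, unsigned char *n)
 {
- char *p, *n, *new;
+ int i, c;
 
- n = new = g_malloc(strlen (str) + 1);
+ for (i = 0, c = 0; i < 2 && *p < end; ++i, ++*p) {
+ c <<= 4;
+ switch (**p) {
+ case '0': break;
+ case '1': c += 1; break;
+ case '2': c += 2; break;
+ case '3': c += 3; break;
+ case '4': c += 4; break;
+ case '5': c += 5; break;
+ case '6': c += 6; break;
+ case '7': c += 7; break;
+ case '8': c += 8; break;
+ case '9': c += 9; break;
+ case 'a': c += 10; break;
+ case 'b': c += 11; break;
+ case 'c': c += 12; break;
+ case 'd': c += 13; break;
+ case 'e': c += 14; break;
+ case 'f': c += 15; break;
+ case 'A': c += 10; break;
+ case 'B': c += 11; break;
+ case 'C': c += 12; break;
+ case 'D': c += 13; break;
+ case 'E': c += 14; break;
+ case 'F': c += 15; break;
+ default:
+ if (i == 0) {
+ *n = **p;
+ ++*p;
+ return;
+ }
+ c >>= 4;
+ goto done;
+ }
+ }
+done:
+ *n = (c > UCHAR_MAX) ? '?' : c;
+ return;
+}
 
- for (p = (char *)str; *p; p++, n++) {
+void
+gaim_quotedp_decode(const char *str, char **ret_str, int *ret_len)
+{
+ const char *p, *end;
+ unsigned char *n, *new;
+ size_t len;
+
+ len = strlen (str);
+ n = new = g_malloc(len + 1);
+ p = str;
+ end = &p[len];
+ while (p < end) {
 if (*p == '=') {
- sscanf(p + 1, "%2x\n", (int *)n);
- p += 2;
- }
- else if (*p == '_')
+ ++p;
+ hex(&p, end, n);
+ } else if (*p == '_')
 *n = ' ';
 else
 *n = *p;
+ ++n;
 }
-
 *n = '\0';
 
 if (ret_len)
@@ -1962,7 +2009,7 @@ gaim_url_parse(const char *url, char **r
 char **ret_path)
 {
 char scan_info[255];
- char port_str[5];
+ char port_str[6];
 int f;
 const char *turl;
 char host[256], path[256];
@@ -1982,16 +2029,21 @@ gaim_url_parse(const char *url, char **r
 }
 
 g_snprintf(scan_info, sizeof(scan_info),
- "%%[%s]:%%[%s]/%%[%s]", addr_ctrl, port_ctrl, page_ctrl);
+ "%%255[%s]:%%5[%s]/%%255[%s]", addr_ctrl, port_ctrl, page_ctrl);
+ addr_ctrl[sizeof(addr_ctrl)-1] = '\0';
+ port_ctrl[sizeof(port_ctrl)-1] = '\0';
+ page_ctrl[sizeof(page_ctrl)-1] = '\0';
 
 f = sscanf(url, scan_info, host, port_str, path);
 
 if (f == 1)
 {
 g_snprintf(scan_info, sizeof(scan_info),
- "%%[%s]/%%[%s]",
+ "%%255[%s]/%%255[%s]",
 addr_ctrl, page_ctrl);
 f = sscanf(url, scan_info, host, path);
+ addr_ctrl[sizeof(addr_ctrl)-1] = '\0';
+ page_ctrl[sizeof(page_ctrl)-1] = '\0';
 g_snprintf(port_str, sizeof(port_str), "80");
 }
 
@@ -2081,9 +2133,14 @@ parse_redirect(const char *data, size_t
 static size_t
 parse_content_len(const char *data, size_t data_len)
 {
- size_t content_len = 0;
+ int content_len = 0;
+ char *tmp;
 
- sscanf(data, "Content-Length: %d", (int *)&content_len);
+ tmp = g_malloc(data_len + 1);
+ memcpy(tmp, data, data_len);
+ tmp[data_len] = '\0';
+ sscanf(tmp, "Content-Length: %d", &content_len);
+ g_free(tmp);
 
 return content_len;
 }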
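Review bot: In the rewritten loop of gaim_quotedp_decode, `p` is advanced only inside hex(); the `_` branch and the plain-copy `else` branch are unchanged context lines that relied on the `p++` in the removed `for` header, and the new `while (p < end)` has no replacement for it. As the hunk reads, the first input byte other than `=` leaves `p < end` true while `++n` runs on every pass, so the loop does not terminate and writes past the `len + 1` bytes allocated for `new`. Both branches should advance `p`, for example `} else { *n = (*p == '_') ? ' ' : *p; ++p; }`. The tail of the function (the `ret_len` handling onward) lies outside the hunk.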