Attachment #38961 for bug #90337

View | Details | Raw Unified | Return to bug 90337
Collapse All | Expand All

Lines 205-211 msn_message_parse_payload(MsnMessage *ms Link Here

(-)src/protocols/msn/msg.c (-12 / +26 lines)
205	/* TODO? some clients use \r delimiters instead of \r\n, the official client	205	/* TODO? some clients use \r delimiters instead of \r\n, the official client
206	* doesn't send such messages, but does handle receiving them. We'll just	206	* doesn't send such messages, but does handle receiving them. We'll just
207	* avoid crashing for now */	207	* avoid crashing for now */
208	g_return_if_fail(end != NULL);	208	if (end == NULL) {
		209	g_free(tmp_base);
		210	g_return_if_reached();
		211	}
209	*end = '\0';	212	*end = '\0';
210		213
211	elems = g_strsplit(tmp, "\r\n", 0);	214	elems = g_strsplit(tmp, "\r\n", 0);
Lines 252-257 msn_message_parse_payload(MsnMessage *ms Link Here
252		255
253	g_strfreev(elems);	256	g_strfreev(elems);
254		257
		258	/* Proceed to the end of the "\r\n\r\n" */
255	tmp = end + 4;	259	tmp = end + 4;
256		260
257	/* Now we should be at the body. */	261	/* Now we should be at the body. */
Lines 262-267 msn_message_parse_payload(MsnMessage *ms Link Here
262	{	266	{
263	MsnSlpHeader header;	267	MsnSlpHeader header;
264	MsnSlpFooter footer;	268	MsnSlpFooter footer;
		269	int body_len;
		270
		271	if (payload_len - (tmp - tmp_base) < sizeof(header)) {
		272	g_free(tmp_base);
		273	g_return_if_reached();
		274	}
265		275
266	msg->msnslp_message = TRUE;	276	msg->msnslp_message = TRUE;
267		277
Lines 279-302 msn_message_parse_payload(MsnMessage *ms Link Here
279	msg->msnslp_header.ack_sub_id = GUINT32_FROM_LE(header.ack_sub_id);	289	msg->msnslp_header.ack_sub_id = GUINT32_FROM_LE(header.ack_sub_id);
280	msg->msnslp_header.ack_size = GUINT64_FROM_LE(header.ack_size);	290	msg->msnslp_header.ack_size = GUINT64_FROM_LE(header.ack_size);
281		291
282	/* Import the body. */	292	body_len = payload_len - (tmp - tmp_base) - sizeof(footer);
283	msg->body_len = payload_len - (tmp - tmp_base) - sizeof(footer);
284		293
285	if (msg->body_len > 0)	294	/* Import the body. */
		295	if (body_len > 0) {
		296	msg->body_len = body_len;
286	msg->body = g_memdup(tmp, msg->body_len);	297	msg->body = g_memdup(tmp, msg->body_len);
287		298	tmp += body_len;
288	tmp += msg->body_len;	299	}
289		300
290	/* Import the footer. */	301	/* Import the footer. */
291	memcpy(&footer, tmp, sizeof(footer));	302	if (body_len >= 0) {
292	tmp += sizeof(footer);	303	memcpy(&footer, tmp, sizeof(footer));
293		304	tmp += sizeof(footer);
294	msg->msnslp_footer.value = GUINT32_FROM_BE(footer.value);	305	msg->msnslp_footer.value = GUINT32_FROM_BE(footer.value);
		306	}
295	}	307	}
296	else	308	else
297	{	309	{
298	msg->body_len = payload_len - (tmp - tmp_base);	310	if (payload_len - (tmp - tmp_base) > 0) {
299	msg->body = g_memdup(tmp, msg->body_len);	311	msg->body_len = payload_len - (tmp - tmp_base);
		312	msg->body = g_memdup(tmp, msg->body_len);
		313	}
300	}	314	}
301		315
302	g_free(tmp_base);	316	g_free(tmp_base);

Return to bug 90337