Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#14884 closed patch (fixed)

msn_oim_report_to_user does not do charset verification/conversion

Reported by: xnyhps Owned by: QuLogic
Milestone: 2.10.2 Component: MSN
Version: 2.10.1 Keywords: msn utf8 oim
Cc: salinasv, markdoliner

Description

msn_oim_report_to_user() never verifies if the message string is valid UTF-8.

In fact, if I read this correctly, every message contains a Content-Type: text/plain; charset=UTF-8 header, which I don't see being checked in that function.

#a15774 is caused by Adium receiving something that wasn't in UTF-8.

msn_oim_report_to_user() should at least reject invalid UTF-8, and ideally, do the charset conversion from the charset in the header to UTF-8.

Attachments (3)

msnoimcharset.diff (2.9 KB) - added by xnyhps 4 years ago.
Patch that should fix this
msnoimcharset.2.diff (2.9 KB) - added by xnyhps 4 years ago.
Updated to not use decode_msg after freeing it.
oimshowsalvaged.diff (2.1 KB) - added by xnyhps 4 years ago.

Download all attachments as: .zip

Change History (12)

Changed 4 years ago by xnyhps

Patch that should fix this

comment:1 Changed 4 years ago by xnyhps

I've attached a patch that should fix this. I've only been able to verify though that it still works on messages that are valid UTF-8, as I don't know what client sent the invalid UTF-8 response.

Changed 4 years ago by xnyhps

Updated to not use decode_msg after freeing it.

comment:2 Changed 4 years ago by salinasv

  • Cc salinasv added

comment:3 Changed 4 years ago by thijsalkemade@…

  • Milestone set to 3.0.0
  • Resolution set to fixed
  • Status changed from new to closed

(In 3053d6a37cc6d8774aba7607b992a4408216adcd):
MSN Patch from Thijs (xnyhps) Alkemade which do verify/convert to UTF-8 incoming OIM.

Fixes #14884

comment:4 Changed 4 years ago by salinasv

  • Type changed from defect to patch

comment:5 Changed 4 years ago by MarkDoliner

  • Cc markdoliner added

comment:6 Changed 4 years ago by Robby

Would this be something that should be propagated to 2.x.y?

Changed 4 years ago by xnyhps

comment:7 Changed 4 years ago by xnyhps

As commented by Eion and Etan, I've created an updated patch that will still show message to the user, salvaged and with a message about it that the encoding could not be successfully converted appended.

comment:8 Changed 4 years ago by masca@…

(In ecabfaee8a1ca02e18ebadbb41cdcce19e78bc2e):
Apply second patch from xnyhps this time to show the message salvaged to user.

Refs #14884

comment:9 Changed 4 years ago by qulogic@…

  • Milestone changed from 3.0.0 to 2.10.2

(In 18f2f94b625542348af0049e0132a83a1c58aef6):
Pluck fixes for OIM charset conversion.

* Plucked 3053d6a37cc6d8774aba7607b992a4408216adcd (thijsalkemade@…): MSN Patch from Thijs (xnyhps) Alkemade which do verify/convert to UTF-8 incoming OIM.

Fixes #14884

* Plucked ecabfaee8a1ca02e18ebadbb41cdcce19e78bc2e (masca@…): Apply second patch from xnyhps this time to show the message salvaged to user.

Refs #14884

* Plucked b1b8c222ab921963f43e83502b6c6e2e4489a8c4 (qulogic@…): Add newlines to debug messages, and word-wrap lines.

* Plucked fdb56683f2b5f88f7b388aaef6c53c810d19e374 (qulogic@…): We know the length of decode_msg here.

* Plucked f12c9f6a6c31bcd3512f162209285a88a86595ff (qulogic@…): This extra if-level can be dropped.

Note: See TracTickets for help on using tickets.
All information, including names and email addresses, entered onto this website or sent to mailing lists affiliated with this website will be public. Do not post confidential information, especially passwords!