The last commit lost previously applied security fixes. Back it out,

and then re-fix the Yahoo! issue. Approved by: marcus
author: Jacques Vidrine <nectar@FreeBSD.org> 2004-02-09 18:09:08 +0000
committer: Jacques Vidrine <nectar@FreeBSD.org> 2004-02-09 18:09:08 +0000
commit: e4ef9cc2bd038730f94f3d8cf3c74b889b87821c (patch)
tree: c7d80ab2354e05923a783c79612aea2e1f925f27 /net-im
parent: Add libzvbi Support (WITH_LIBZVBI) to get a aletvd and a scantv (which won't (diff)
2 files changed, 256 insertions, 140 deletions
diff --git a/net-im/gaim/Makefile b/net-im/gaim/Makefile
index 933af8bd480b..100c251b7e0e 100644
--- a/net-im/gaim/Makefile
+++ b/net-im/gaim/Makefile
@@ -6,7 +6,7 @@
 
 PORTNAME=	gaim
 PORTVERSION=	0.75
-PORTREVISION=	5
+PORTREVISION=	6
 CATEGORIES?=	net
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR=	${PORTNAME}
diff --git a/net-im/gaim/files/patch-src::protocols::yahoo::yahoo.c b/net-im/gaim/files/patch-src::protocols::yahoo::yahoo.c
index 62bc5915c6e6..c90cbbac36b8 100644
--- a/net-im/gaim/files/patch-src::protocols::yahoo::yahoo.c
+++ b/net-im/gaim/files/patch-src::protocols::yahoo::yahoo.c
@@ -1,139 +1,255 @@
---- src/protocols/yahoo/yahoo.c.orig	Sat Jan 10 07:04:09 2004
-+++ src/protocols/yahoo/yahoo.c	Fri Feb  6 11:43:13 2004
-@@ -131,8 +131,15 @@
- 		while (pos + 1 < len) {
- 			if (data[pos] == 0xc0 && data[pos + 1] == 0x80)
- 				break;
-+			if (x >= sizeof(key)-1) {
-+				x++;
-+				continue;
-+			}
- 			key[x++] = data[pos++];
- 		}
-+		if (x >= sizeof(key)-1) {
-+			x = 0;
-+		}
- 		key[x] = 0;
- 		pos += 2;
- 		pair->key = strtol(key, NULL, 10);
-@@ -873,13 +880,17 @@
- static char *yahoo_decode(const char *text)
- {
- 	char *converted;
--	char *p, *n, *new;
--	
-+	char *n, *new;
-+	const char *end, *p;
-+	int i;
-+
- 	n = new = g_malloc(strlen (text) + 1);
-+	end = text + strlen(text);
- 
--	for (p = (char *)text; *p; p++, n++) {
-+	for (p = text; p < end; p++, n++) {
- 		if (*p == '\\') {
--			sscanf(p + 1, "%3o\n", (int *)n);
-+			sscanf(p + 1, "%3o\n", &i);
-+			*n = i;
- 			p += 3;
- 		}
- 		else
-@@ -887,7 +898,7 @@
- 	}
- 
- 	*n = '\0';
--	
-+
- 	converted = g_convert(new, n - new, OUT_CHARSET, "iso-8859-1", NULL, NULL, NULL);
- 	g_free(new);
- 
-@@ -1906,29 +1917,29 @@
- 	GaimConnection *gc = data;
- 	GaimAccount *account = gaim_connection_get_account(gc);
- 	struct yahoo_data *yd = gc->proto_data;
--	char buf[1024], buf2[256], *i = buf, *r = buf2;
--	int len, o = 0;
-+	char buf[1024], *i = buf;
-+	int len;
-+	GString *s;
- 
--	len = read(source, buf, sizeof(buf));
--	if (len <= 0  || strncmp(buf, "HTTP/1.0 302", strlen("HTTP/1.0 302"))) {
-+	len = read(source, buf, sizeof(buf)-1);
-+	if (len <= 0  || (strncmp(buf, "HTTP/1.0 302", strlen("HTTP/1.0 302") &&
-+			  strncmp(buf, "HTTP/1.1 302", strlen("HTTP/1.1 302"))))) {
- 		gaim_connection_error(gc, _("Unable to read"));
- 		return;
- 	}
--	
--	while ((i = strstr(i, "Set-Cookie: ")) && 0 < 2) {
--		i += strlen("Set-Cookie: "); 
--		for (;*i != ';'; r++, i++) {
--			*r = *i;
--		}
--		*r=';';
--		r++;
--		*r=' ';
--		r++;
--		o++;
--	}
--	/* Get rid of that "; " */
--	*(r-2) = '\0';
--	yd->auth = g_strdup(buf2);
-+
-+	s = g_string_sized_new(len);
-+	buf[sizeof(buf)-1] = '\0';
-+
-+	while ((i = strstr(i, "Set-Cookie: "))) {
-+		i += strlen("Set-Cookie: ");
-+		for (;*i != ';'; i++)
-+			g_string_append_c(s, *i);
-+
-+		g_string_append(s, "; ");
-+	}
-+
-+	yd->auth = g_string_free(s, FALSE);
- 	gaim_input_remove(gc->inpa);
- 	close(source);
- 	/* Now we have our cookies to login with.  I'll go get the milk. */
-@@ -1974,15 +1985,17 @@
- 	const char *c = buf;
- 	char *d;
- 	char name[64], value[64];
-+	int count = sizeof(name)-1;
- 	while ((c < (buf + len)) && (c = strstr(c, "<input "))) {
- 		c = strstr(c, "name=\"") + strlen("name=\"");
--		for (d = name; *c!='"'; c++, d++) 
-+		for (d = name; *c!='"' && count; c++, d++, count--) 
- 			*d = *c;
- 		*d = '\0';
-+		count = sizeof(value)-1;
- 		d = strstr(c, "value=\"") + strlen("value=\"");
- 		if (strchr(c, '>') < d)
- 			break;
--		for (c = d, d = value; *c!='"'; c++, d++)
-+		for (c = d, d = value; *c!='"' && count; c++, d++, count--)
- 			*d = *c;
- 		*d = '\0';
- 		g_hash_table_insert(hash, g_strdup(name), g_strdup(value));
-@@ -2705,15 +2718,12 @@
- 		return;
- 	/* It seems to work better without this */
- 
-+	/* if (gc->account->perm_deny != 4)
-+		return; */
-+
-+	if (!who || who[0] == '\0')
-+		return;
- 
--	/* 
--	 * if (gc->account->perm_deny != 4)
--	 *	return;
-- 	 *
--	 * if (!who || who[0] == '\0')
--	 *		return;
--	 */
--    
- 	pkt = yahoo_packet_new(YAHOO_SERVICE_IGNORECONTACT, YAHOO_STATUS_AVAILABLE, 0);
- 	yahoo_packet_hash(pkt, 1, gaim_connection_get_display_name(gc));
- 	yahoo_packet_hash(pkt, 7, who);
+*** src/protocols/yahoo/yahoo.c.orig	Fri Jan  9 23:04:09 2004
+--- src/protocols/yahoo/yahoo.c	Mon Feb  9 09:01:02 2004
+***************
+*** 20,25 ****
+--- 20,26 ----
+   * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+   *
+   */
++ #include <limits.h>
+  #include "internal.h"
+  
+  #include "account.h"
+***************
+*** 131,138 ****
+--- 132,147 ----
+  		while (pos + 1 < len) {
+  			if (data[pos] == 0xc0 && data[pos + 1] == 0x80)
+  				break;
++ 			if (x >= sizeof(key)-1) {
++ 				x++;
++ 				pos++;
++ 				continue;
++ 
++ 			}
+  			key[x++] = data[pos++];
+  		}
++ 		if (x >= sizeof(key)-1)
++ 			x = 0;
+  		key[x] = 0;
+  		pos += 2;
+  		pair->key = strtol(key, NULL, 10);
+***************
+*** 868,899 ****
+  	}
+  }
+  
+  #define OUT_CHARSET "utf-8"
+  
+  static char *yahoo_decode(const char *text)
+  {
+  	char *converted;
+! 	char *p, *n, *new;
+! 	
+! 	n = new = g_malloc(strlen (text) + 1);
+! 
+! 	for (p = (char *)text; *p; p++, n++) {
+  		if (*p == '\\') {
+! 			sscanf(p + 1, "%3o\n", (int *)n);
+! 			p += 3;
+! 		}
+! 		else
+! 			*n = *p;
+  	}
+- 
+  	*n = '\0';
+- 	
+  	converted = g_convert(new, n - new, OUT_CHARSET, "iso-8859-1", NULL, NULL, NULL);
+  	g_free(new);
+  
+  	return converted;
+  }
+  
+  static void yahoo_process_mail(GaimConnection *gc, struct yahoo_packet *pkt)
+  {
+  	GaimAccount *account = gaim_connection_get_account(gc);
+--- 877,942 ----
+  	}
+  }
+  
++ 
++ static void octal(const char **p, const char *end, unsigned char *n)
++ {
++ 	int i, c;
++ 
++ 	for (i = 0, c = 0; i < 3 && *p < end; ++i, ++*p) {
++ 		c <<= 3;
++ 		switch (**p) {
++ 		case '0': break;
++ 		case '1': c += 1; break;
++ 		case '2': c += 2; break;
++ 		case '3': c += 3; break;
++ 		case '4': c += 4; break;
++ 		case '5': c += 5; break;
++ 		case '6': c += 6; break;
++ 		case '7': c += 7; break;
++ 		default:
++ 			  if (i == 0) {
++ 				  *n = **p;
++ 				  ++*p;
++ 				  return;
++ 			  }
++ 			  c >>= 3;
++ 			  goto done;
++ 		}
++ 	}
++ done:
++ 	*n = (c > UCHAR_MAX) ? '?' : c;
++ 	return;
++ }
++ 
+  #define OUT_CHARSET "utf-8"
+  
+  static char *yahoo_decode(const char *text)
+  {
+  	char *converted;
+! 	unsigned char *n, *new;
+! 	size_t len;
+! 	const char *p, *end;
+! 
+! 	len = strlen (text);
+! 	p = text;
+! 	end = &text[len];
+! 	n = new = g_malloc(len + 1);
+! 	while (p < end) {
+  		if (*p == '\\') {
+! 			++p;
+! 			octal(&p, end, n);
+! 		} else
+! 			*n = *p++;
+! 		++n;
+  	}
+  	*n = '\0';
+  	converted = g_convert(new, n - new, OUT_CHARSET, "iso-8859-1", NULL, NULL, NULL);
+  	g_free(new);
+  
+  	return converted;
+  }
+  
++ 
+  static void yahoo_process_mail(GaimConnection *gc, struct yahoo_packet *pkt)
+  {
+  	GaimAccount *account = gaim_connection_get_account(gc);
+***************
+*** 1903,1934 ****
+  
+  static void yahoo_web_pending(gpointer data, gint source, GaimInputCondition cond)
+  {
+  	GaimConnection *gc = data;
+  	GaimAccount *account = gaim_connection_get_account(gc);
+  	struct yahoo_data *yd = gc->proto_data;
+! 	char buf[1024], buf2[256], *i = buf, *r = buf2;
+! 	int len, o = 0;
+  
+  	len = read(source, buf, sizeof(buf));
+! 	if (len <= 0  || strncmp(buf, "HTTP/1.0 302", strlen("HTTP/1.0 302"))) {
+  		gaim_connection_error(gc, _("Unable to read"));
+  		return;
+  	}
+! 	
+! 	while ((i = strstr(i, "Set-Cookie: ")) && 0 < 2) {
+! 		i += strlen("Set-Cookie: "); 
+! 		for (;*i != ';'; r++, i++) {
+! 			*r = *i;
+! 		}
+! 		*r=';';
+! 		r++;
+! 		*r=' ';
+! 		r++;
+! 		o++;
+! 	}
+! 	/* Get rid of that "; " */
+! 	*(r-2) = '\0';
+! 	yd->auth = g_strdup(buf2);
+  	gaim_input_remove(gc->inpa);
+  	close(source);
+  	/* Now we have our cookies to login with.  I'll go get the milk. */
+--- 1946,1981 ----
+  
+  static void yahoo_web_pending(gpointer data, gint source, GaimInputCondition cond)
+  {
++ 	static const char setcookie[] = "Set-Cookie: ";
++ 	char http302[] = "HTTP/1.0 302";
+  	GaimConnection *gc = data;
+  	GaimAccount *account = gaim_connection_get_account(gc);
+  	struct yahoo_data *yd = gc->proto_data;
+! 	char buf[1024], *i = buf;
+! 	int len;
+! 	GString *s;
+  
+  	len = read(source, buf, sizeof(buf));
+! 	if (len <= 0) {
+  		gaim_connection_error(gc, _("Unable to read"));
+  		return;
+  	}
+! 	if (len >= sizeof(http302)-1 &&
+! 	    (memcmp(http302, buf, sizeof(http302)-1) != 0) &&
+! 	    (http302[7] = '1') &&
+! 	    (memcmp(http302, buf, sizeof(http302)-1) != 0)) {
+! 		gaim_connection_error(gc, _("Unable to read"));
+! 		return;
+! 	}
+! 	s = g_string_sized_new(len);
+! 	buf[len] = '\0';
+! 	while ((i = strstr(i, setcookie)) != NULL) {
+! 		i += sizeof(setcookie)-1;
+! 		for (;*i != ';'; i++)
+! 			g_string_append_c(s, *i);
+! 		g_string_append(s, "; ");
+! 	}
+! 	yd->auth = g_string_free(s, FALSE);
+  	gaim_input_remove(gc->inpa);
+  	close(source);
+  	/* Now we have our cookies to login with.  I'll go get the milk. */
+***************
+*** 1937,1943 ****
+  			       yahoo_got_web_connected, gc) != 0) {
+  		gaim_connection_error(gc, _("Connection problem"));
+  		return;
+! 	}	
+  }
+  
+  static void yahoo_got_cookies(gpointer data, gint source, GaimInputCondition cond)
+--- 1984,1990 ----
+  			       yahoo_got_web_connected, gc) != 0) {
+  		gaim_connection_error(gc, _("Connection problem"));
+  		return;
+! 	}
+  }
+  
+  static void yahoo_got_cookies(gpointer data, gint source, GaimInputCondition cond)
+***************
+*** 1974,1988 ****
+  	const char *c = buf;
+  	char *d;
+  	char name[64], value[64];
+  	while ((c < (buf + len)) && (c = strstr(c, "<input "))) {
+  		c = strstr(c, "name=\"") + strlen("name=\"");
+! 		for (d = name; *c!='"'; c++, d++) 
+  			*d = *c;
+  		*d = '\0';
+  		d = strstr(c, "value=\"") + strlen("value=\"");
+  		if (strchr(c, '>') < d)
+  			break;
+! 		for (c = d, d = value; *c!='"'; c++, d++)
+  			*d = *c;
+  		*d = '\0';
+  		g_hash_table_insert(hash, g_strdup(name), g_strdup(value));
+--- 2021,2037 ----
+  	const char *c = buf;
+  	char *d;
+  	char name[64], value[64];
++ 	int count = sizeof(name)-1;
+  	while ((c < (buf + len)) && (c = strstr(c, "<input "))) {
+  		c = strstr(c, "name=\"") + strlen("name=\"");
+! 		for (d = name; *c!='"' && count; c++, d++, count--)
+  			*d = *c;
+  		*d = '\0';
++ 		count = sizeof(value)-1;
+  		d = strstr(c, "value=\"") + strlen("value=\"");
+  		if (strchr(c, '>') < d)
+  			break;
+! 		for (c = d, d = value; *c!='"' && count; c++, d++, count--)
+  			*d = *c;
+  		*d = '\0';
+  		g_hash_table_insert(hash, g_strdup(name), g_strdup(value));
author	Jacques Vidrine <nectar@FreeBSD.org>	2004-02-09 18:09:08 +0000
committer	Jacques Vidrine <nectar@FreeBSD.org>	2004-02-09 18:09:08 +0000
commit	e4ef9cc2bd038730f94f3d8cf3c74b889b87821c (patch)
tree	c7d80ab2354e05923a783c79612aea2e1f925f27 /net-im
parent	Add libzvbi Support (WITH_LIBZVBI) to get a aletvd and a scantv (which won't (diff)