From b960828c6d1b67e8467c31dfd52f896bafd6ae19 Mon Sep 17 00:00:00 2001
From: Joe Marcus Clarke <marcus@FreeBSD.org>
Date: Sat, 23 Nov 2002 23:56:10 +0000
Subject: Fix a segfault in the Yahoo protocol that can occur when a user
 receives new email.

Reported by:	Kenneth W Cochran <kwc@TheWorld.com>
Obtained from:	gaim CVS
---
 net-im/gaim/Makefile                               |  1 +
 .../gaim/files/patch-src_protocols_yahoo_yahoo.c   | 49 ++++++++++++++++++++++
 2 files changed, 50 insertions(+)
 create mode 100644 net-im/gaim/files/patch-src_protocols_yahoo_yahoo.c

(limited to 'net-im')

diff --git a/net-im/gaim/Makefile b/net-im/gaim/Makefile
index ad9091594210..2f440eb81180 100644
--- a/net-im/gaim/Makefile
+++ b/net-im/gaim/Makefile
@@ -7,6 +7,7 @@
 
 PORTNAME=	gaim
 PORTVERSION=	0.59.6
+PORTREVISION=	1
 CATEGORIES?=	net
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR=	${PORTNAME}
diff --git a/net-im/gaim/files/patch-src_protocols_yahoo_yahoo.c b/net-im/gaim/files/patch-src_protocols_yahoo_yahoo.c
new file mode 100644
index 000000000000..f538f5c4ba62
--- /dev/null
+++ b/net-im/gaim/files/patch-src_protocols_yahoo_yahoo.c
@@ -0,0 +1,49 @@
+This patch fixes a segfault that can occur when a Yahoo user receives new
+mail.  This patch is from gaim CVS, and will be integrated in the next
+release.
+
+--- src/protocols/yahoo/yahoo.c	2002/11/12 00:50:21	1.43.2.7
++++ src/protocols/yahoo/yahoo.c	2002/11/23 18:50:47	1.43.2.8
+@@ -259,19 +259,20 @@
+ 		pair->key = strtol(key, NULL, 10);
+ 		accept = x; /* if x is 0 there was no key, so don't accept it */
+ 
+-		if (accept)
++		if (len - pos + 1 <= 0) {
++			/* Truncated. Garbage or something. */
++			accept = 0;
++		}
++
++		if (accept) {
+ 			value = g_malloc(len - pos + 1);
+-		x = 0;
+-		while (pos + 1 < len) {
+-			if (data[pos] == 0xc0 && data[pos + 1] == 0x80)
+-				break;
+-			if (accept)
++			x = 0;
++			while (pos + 1 < len) {
++				if (data[pos] == 0xc0 && data[pos + 1] == 0x80)
++					break;
+ 				value[x++] = data[pos++];
+-		}
+-		if (accept)
++			}
+ 			value[x] = 0;
+-		pos += 2;
+-		if (accept) {
+ 			pair->value = g_strdup(value);
+ 			g_free(value);
+ 			pkt->hash = g_slist_append(pkt->hash, pair);
+@@ -279,6 +280,11 @@
+ 		} else {
+ 			g_free(pair);
+ 		}
++		pos += 2;
++
++		/* Skip over garbage we've noticed in the mail notifications */
++		if (data[0] == '9' && data[pos] == 0x01)
++			pos++;
+ 	}
+ }
+ 
-- 
cgit v1.2.3