diff -up pidgin-2.6.6/libpurple/protocols/msn/msg.c.CVE-2012-2318 pidgin-2.6.6/libpurple/protocols/msn/msg.c
--- pidgin-2.6.6/libpurple/protocols/msn/msg.c.CVE-2012-2318 2010-02-16 04:34:06.000000000 -0500
+++ pidgin-2.6.6/libpurple/protocols/msn/msg.c 2012-07-04 11:07:16.150396321 -0400
@@ -348,14 +348,48 @@ msn_message_parse_payload(MsnMessage *ms
 memcpy(msg->body, tmp, msg->body_len);
 msg->body[msg->body_len] = '\0';
 }
-
- if ((!content_type || !strcmp(content_type, "text/plain"))
- && msg->charset == NULL) {
- char *body = g_convert(msg->body, msg->body_len, "UTF-8",
- "ISO-8859-1", NULL, &msg->body_len, NULL);
- g_free(msg->body);
- msg->body = body;
- msg->charset = g_strdup("UTF-8");
+
+ if (msg->body && content_type && purple_str_has_prefix(content_type, "text/")) {
+ char *body = NULL;
+
+ if (msg->charset == NULL || g_str_equal(msg->charset, "UTF-8")) {
+ /* Charset is UTF-8 */
+ if (!g_utf8_validate(msg->body, msg->body_len, NULL)) {
+ purple_debug_warning("msn", "Message contains invalid "
+ "UTF-8. Attempting to salvage.\n");
+ body = purple_utf8_salvage(msg->body);
+ payload_len = strlen(body);
+ }
+ } else {
+ /* Charset is something other than UTF-8 */
+ GError *err = NULL;
+ body = g_convert(msg->body, msg->body_len, "UTF-8",
+ msg->charset, NULL, &payload_len, &err);
+ if (!body || err) {
+ purple_debug_warning("msn", "Unable to convert message from "
+ "%s to UTF-8: %s\n", msg->charset,
+ err ? err->message : "Unknown error");
+ if (err)
+ g_error_free(err);
+
+ /* Fallback to ISO-8859-1 */
+ g_free(body);
+ body = g_convert(msg->body, msg->body_len, "UTF-8",
+ "ISO-8859-1", NULL, &payload_len, NULL);
+ if (!body) {
+ g_free(msg->body);
+ msg->body = NULL;
+ msg->body_len = 0;
+ }
+ }
+ }
+
+ if (body) {
+ g_free(msg->body);
+ msg->body = body;
+ msg->body_len = payload_len;
+ msn_message_set_charset(msg, "UTF-8");
+ }
 }
 }
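Review bot: A payload that arrives with no Content-Type is no longer normalised at all, because the new guard `if (msg->body && content_type && purple_str_has_prefix(content_type, "text/"))` skips the whole block when `content_type` is NULL. The removed condition (`!content_type || !strcmp(content_type, "text/plain")`) still converted such bodies from ISO-8859-1, which always produced valid UTF-8. If any consumer outside this hunk treats an untyped body as text, it would still receive unvalidated bytes. Consider `if (msg->body && (!content_type || purple_str_has_prefix(content_type, "text/"))) {`, or add a comment above the guard stating why untyped bodies are safe to leave raw. msn_message_parse_payload starts and ends outside the hunk, so how `content_type` is derived and who reads `msg->body` afterwards is not visible here.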