diff -up pidgin-2.6.6/libpurple/protocols/msn/msg.c.CVE-2012-2318 pidgin-2.6.6/libpurple/protocols/msn/msg.c
--- pidgin-2.6.6/libpurple/protocols/msn/msg.c.CVE-2012-2318 2010-02-16 04:34:06.000000000 -0500
+++ pidgin-2.6.6/libpurple/protocols/msn/msg.c 2012-07-04 11:07:16.150396321 -0400
@@ -348,14 +348,48 @@ msn_message_parse_payload(MsnMessage *ms
memcpy(msg->body, tmp, msg->body_len);
msg->body[msg->body_len] = '\0';
}
-
- if ((!content_type || !strcmp(content_type, "text/plain"))
- && msg->charset == NULL) {
- char *body = g_convert(msg->body, msg->body_len, "UTF-8",
- "ISO-8859-1", NULL, &msg->body_len, NULL);
- g_free(msg->body);
- msg->body = body;
- msg->charset = g_strdup("UTF-8");
+
+ if (msg->body && content_type && purple_str_has_prefix(content_type, "text/")) {
+ char *body = NULL;
+
+ if (msg->charset == NULL || g_str_equal(msg->charset, "UTF-8")) {
+ /* Charset is UTF-8 */
+ if (!g_utf8_validate(msg->body, msg->body_len, NULL)) {
+ purple_debug_warning("msn", "Message contains invalid "
+ "UTF-8. Attempting to salvage.\n");
+ body = purple_utf8_salvage(msg->body);
+ payload_len = strlen(body);
+ }
+ } else {
+ /* Charset is something other than UTF-8 */
+ GError *err = NULL;
+ body = g_convert(msg->body, msg->body_len, "UTF-8",
+ msg->charset, NULL, &payload_len, &err);
+ if (!body || err) {
+ purple_debug_warning("msn", "Unable to convert message from "
+ "%s to UTF-8: %s\n", msg->charset,
+ err ? err->message : "Unknown error");
+ if (err)
+ g_error_free(err);
+
+ /* Fallback to ISO-8859-1 */
+ g_free(body);
+ body = g_convert(msg->body, msg->body_len, "UTF-8",
+ "ISO-8859-1", NULL, &payload_len, NULL);
+ if (!body) {
+ g_free(msg->body);
+ msg->body = NULL;
+ msg->body_len = 0;
+ }
+ }
+ }
+
+ if (body) {
+ g_free(msg->body);
+ msg->body = body;
+ msg->body_len = payload_len;
+ msn_message_set_charset(msg, "UTF-8");
+ }
}
}
distrib
>
Scientific%20Linux
>
5x
>
x86_64
>
by-pkgid
>
9e7d2f4ac8cc09d3a5d0312d619be54c
>
files
>
10
