diff -up pidgin-2.6.6/libpurple/protocols/msn/oim.c.CVE-2012-1178 pidgin-2.6.6/libpurple/protocols/msn/oim.c --- pidgin-2.6.6/libpurple/protocols/msn/oim.c.CVE-2012-1178 2010-02-16 04:34:06.000000000 -0500 +++ pidgin-2.6.6/libpurple/protocols/msn/oim.c 2012-07-04 09:45:30.950673706 -0400 @@ -606,11 +606,12 @@ msn_oim_report_to_user(MsnOimRecvData *r const char *date; const char *from; const char *boundary; - char *decode_msg = NULL; + char *decode_msg = NULL, *clean_msg = NULL; gsize body_len; char **tokens; char *passport = NULL; time_t stamp; + const char *charset = NULL; message = msn_message_new(MSN_MSG_UNKNOWN); @@ -654,6 +655,48 @@ msn_oim_report_to_user(MsnOimRecvData *r } } else { decode_msg = (char *)purple_base64_decode(message->body, &body_len); + charset = msn_message_get_charset(message); + } + + if (charset && !((strncasecmp(charset, "UTF-8", 5) == 0) || (strncasecmp(charset, "UTF8", 4) == 0))) { + clean_msg = g_convert(decode_msg, body_len, "UTF-8", charset, NULL, NULL, NULL); + + if (!clean_msg) { + char *clean = purple_utf8_salvage(decode_msg); + + purple_debug_error("msn", "Failed to convert charset from %s to UTF-8 for OIM message: %s\n", charset, clean); + + clean_msg = g_strdup_printf(_("%s (There was an error receiving this message. " + "Converting the encoding from %s to UTF-8 failed.)"), + clean, charset); + g_free(clean); + + return; + } + + g_free(decode_msg); + + } else if (!g_utf8_validate(decode_msg, body_len, NULL)) { + char *clean = purple_utf8_salvage(decode_msg); + + purple_debug_error("msn", "Received an OIM message that is not UTF-8," + " and no encoding specified: %s\n", clean); + + if (charset) { + clean_msg = g_strdup_printf(_("%s (There was an error receiving this message." + " The charset was %s, but it was not valid UTF-8.)"), + clean, charset); + } else { + clean_msg = g_strdup_printf(_("%s (There was an error receiving this message." + " The charset was missing, but it was not valid UTF-8.)"), + clean); + } + + g_free(clean); + g_free(decode_msg); + + } else { + clean_msg = decode_msg; } from = msn_message_get_attr(message, "X-OIM-originatingSource"); @@ -695,7 +738,7 @@ msn_oim_report_to_user(MsnOimRecvData *r purple_debug_info("msn", "oim Date:{%s},passport{%s}\n", date, passport); - serv_got_im(rdata->oim->session->account->gc, passport, decode_msg, 0, + serv_got_im(rdata->oim->session->account->gc, passport, clean_msg, 0, stamp); /*Now get the oim message ID from the oim_list. @@ -704,7 +747,7 @@ msn_oim_report_to_user(MsnOimRecvData *r msn_oim_post_delete_msg(rdata); g_free(passport); - g_free(decode_msg); + g_free(clean_msg); msn_message_destroy(message); }