Context Navigation

source: protocols/msn/msn_util.c @ 27a057c

Last change on this file since 27a057c was 3c28bd4, checked in by dequis <dx@…>, at 2015-05-31T02:40:05Z
msn: fix use after free in msn_handle_command
Property mode set to `100644`
File size: 10.2 KB

Line
1	/********************************************************************\
2	* BitlBee -- An IRC to other IM-networks gateway *
3	* *
4	* Copyright 2002-2012 Wilmer van der Gaast and others *
5	\********************************************************************/
6
7	/* MSN module - Miscellaneous utilities */
8
9	/*
10	This program is free software; you can redistribute it and/or modify
11	it under the terms of the GNU General Public License as published by
12	the Free Software Foundation; either version 2 of the License, or
13	(at your option) any later version.
14
15	This program is distributed in the hope that it will be useful,
16	but WITHOUT ANY WARRANTY; without even the implied warranty of
17	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18	GNU General Public License for more details.
19
20	You should have received a copy of the GNU General Public License with
21	the Debian GNU/Linux distribution in /usr/share/common-licenses/GPL;
22	if not, write to the Free Software Foundation, Inc., 51 Franklin St.,
23	Fifth Floor, Boston, MA 02110-1301 USA
24	*/
25
26	#include "nogaim.h"
27	#include "msn.h"
28	#include "md5.h"
29	#include "soap.h"
30	#include <ctype.h>
31
32	static char adlrml_entry(const char handle_, msn_buddy_flags_t list)
33	{
34	char *domain, handle[strlen(handle_) + 1];
35
36	strcpy(handle, handle_);
37	if ((domain = strchr(handle, '@'))) {
38	*(domain++) = '\0';
39	} else {
40	return NULL;
41	}
42
43	return g_markup_printf_escaped("<ml><d n=\"%s\"><c n=\"%s\" l=\"%d\" t=\"1\"/></d></ml>",
44	domain, handle, list);
45	}
46
47	int msn_buddy_list_add(struct im_connection ic, msn_buddy_flags_t list, const char who, const char *realname,
48	const char *group)
49	{
50	struct msn_data *md = ic->proto_data;
51	char groupid[8];
52	bee_user_t *bu;
53	struct msn_buddy_data *bd;
54	char *adl;
55
56	*groupid = '\0';
57
58	if (!((bu = bee_user_by_handle(ic->bee, ic, who)) \|\|
59	(bu = bee_user_new(ic->bee, ic, who, 0))) \|\|
60	!(bd = bu->data) \|\| bd->flags & list) {
61	return 1;
62	}
63
64	bd->flags \|= list;
65
66	if (list == MSN_BUDDY_FL) {
67	msn_soap_ab_contact_add(ic, bu);
68	} else {
69	msn_soap_memlist_edit(ic, who, TRUE, list);
70	}
71
72	if ((adl = adlrml_entry(who, list))) {
73	int st = msn_ns_write(ic, "ADL %d %zd\r\n%s",
74	++md->trId, strlen(adl), adl);
75	g_free(adl);
76
77	return st;
78	}
79
80	return 1;
81	}
82
83	int msn_buddy_list_remove(struct im_connection ic, msn_buddy_flags_t list, const char who, const char *group)
84	{
85	struct msn_data *md = ic->proto_data;
86	char groupid[8];
87	bee_user_t *bu;
88	struct msn_buddy_data *bd;
89	char *adl;
90
91	*groupid = '\0';
92
93	if (!(bu = bee_user_by_handle(ic->bee, ic, who)) \|\|
94	!(bd = bu->data) \|\| !(bd->flags & list)) {
95	return 1;
96	}
97
98	bd->flags &= ~list;
99
100	if (list == MSN_BUDDY_FL) {
101	msn_soap_ab_contact_del(ic, bu);
102	} else {
103	msn_soap_memlist_edit(ic, who, FALSE, list);
104	}
105
106	if ((adl = adlrml_entry(who, list))) {
107	int st = msn_ns_write(ic, "RML %d %zd\r\n%s",
108	++md->trId, strlen(adl), adl);
109	g_free(adl);
110
111	return st;
112	}
113
114	return 1;
115	}
116
117	struct msn_buddy_ask_data {
118	struct im_connection *ic;
119	char *handle;
120	char *realname;
121	};
122
123	static void msn_buddy_ask_free(void *data)
124	{
125	struct msn_buddy_ask_data *bla = data;
126
127	g_free(bla->handle);
128	g_free(bla->realname);
129	g_free(bla);
130	}
131
132	static void msn_buddy_ask_yes(void *data)
133	{
134	struct msn_buddy_ask_data *bla = data;
135
136	msn_buddy_list_add(bla->ic, MSN_BUDDY_AL, bla->handle, bla->realname, NULL);
137
138	imcb_ask_add(bla->ic, bla->handle, NULL);
139
140	msn_buddy_ask_free(bla);
141	}
142
143	static void msn_buddy_ask_no(void *data)
144	{
145	struct msn_buddy_ask_data *bla = data;
146
147	msn_buddy_list_add(bla->ic, MSN_BUDDY_BL, bla->handle, bla->realname, NULL);
148
149	msn_buddy_ask_free(bla);
150	}
151
152	void msn_buddy_ask(bee_user_t *bu)
153	{
154	struct msn_buddy_ask_data *bla;
155	struct msn_buddy_data *bd = bu->data;
156	char buf[1024];
157
158	if (!(bd->flags & MSN_BUDDY_PL)) {
159	return;
160	}
161
162	bla = g_new0(struct msn_buddy_ask_data, 1);
163	bla->ic = bu->ic;
164	bla->handle = g_strdup(bu->handle);
165	bla->realname = g_strdup(bu->fullname);
166
167	g_snprintf(buf, sizeof(buf),
168	"The user %s (%s) wants to add you to his/her buddy list.",
169	bu->handle, bu->fullname);
170
171	imcb_ask_with_free(bu->ic, buf, bla, msn_buddy_ask_yes, msn_buddy_ask_no, msn_buddy_ask_free);
172	}
173
174	void msn_queue_feed(struct msn_data h, char bytes, int st)
175	{
176	h->rxq = g_renew(char, h->rxq, h->rxlen + st);
177	memcpy(h->rxq + h->rxlen, bytes, st);
178	h->rxlen += st;
179
180	if (getenv("BITLBEE_DEBUG")) {
181	fprintf(stderr, "\n\x1b[92m<<< ");
182	write(2, bytes , st);
183	fprintf(stderr, "\x1b[97m");
184	}
185	}
186
187
188	static int msn_handle_command(struct msn_data *h) {
189	char msg, *cmd;
190	int count, st;
191
192	msg = g_strndup(h->rxq, h->msglen);
193
194	cmd = g_strsplit_set(h->cmd_text, " ", -1);
195	count = g_strv_length(cmd);
196
197	/* msn_data might be freed if there's a server error,
198	* so clean this up now - we don't need it anymore */
199	g_free(h->cmd_text);
200	h->cmd_text = NULL;
201
202	st = msn_ns_command(h, cmd, count, msg, h->msglen);
203
204	g_strfreev(cmd);
205	g_free(msg);
206
207	return st;
208	}
209
210	/* This one handles input from a MSN Messenger server. Both the NS and SB servers usually give
211	commands, but sometimes they give additional data (payload). This function tries to handle
212	this all in a nice way and send all data to the right places. */
213
214	/* Return values: -1: Read error, abort connection.
215	0: Command reported error; Abort immediately. (The connection does not exist anymore)
216	1: OK */
217
218	int msn_handler(struct msn_data *h)
219	{
220	int st = 1;
221
222	while (st) {
223	int i;
224
225	if (h->msglen == 0) {
226	for (i = 0; i < h->rxlen; i++) {
227	if (h->rxq[i] == '\r' \|\| h->rxq[i] == '\n') {
228	char cmd_text, last_param;
229	guint64 parsed_len;
230
231	cmd_text = g_strndup(h->rxq, i);
232
233	/* find the position of the last parameter from the end */
234	last_param = cmd_text + i;
235	while (last_param != cmd_text && last_param[-1] != ' ') {
236	last_param--;
237	}
238
239	/* that parameter is the payload size */
240	if (!parse_int64(last_param, 10, &parsed_len)) {
241	return -1;
242	}
243
244	h->msglen = (int) parsed_len;
245	h->cmd_text = cmd_text;
246
247	/* if there's no payload, handle it right away */
248	if (parsed_len == 0 && !msn_handle_command(h)) {
249	return 0;
250	}
251
252	/* Skip the \r\n */
253	i += 2;
254
255	break;
256	}
257	}
258
259	/* If we reached the end of the buffer, there's still an incomplete command there.
260	Return and wait for more data. */
261	if (i && i == h->rxlen && h->rxq[i - 1] != '\r' && h->rxq[i - 1] != '\n') {
262	break;
263	}
264	} else {
265
266	/* Do we have the complete message already? */
267	if (h->msglen > h->rxlen) {
268	break;
269	} else if (!msn_handle_command(h)) {
270	return 0;
271	}
272
273	i = h->msglen;
274	h->msglen = 0;
275	}
276
277	/* More data after this block? */
278	if (i < h->rxlen) {
279	char *tmp;
280
281	tmp = g_memdup(h->rxq + i, h->rxlen - i);
282	g_free(h->rxq);
283	h->rxq = tmp;
284	h->rxlen -= i;
285	i = 0;
286	} else {
287	/* If not, reset the rx queue and get lost. */
288	g_free(h->rxq);
289	h->rxq = g_new0(char, 1);
290	h->rxlen = 0;
291	return(1);
292	}
293	}
294
295	return(1);
296	}
297
298	/* Copied and heavily modified from http://tmsnc.sourceforge.net/chl.c */
299	char msn_p11_challenge(char challenge)
300	{
301	char *output, buf[256];
302	md5_state_t md5c;
303	unsigned char md5Hash[16], *newHash;
304	unsigned int md5Parts, chlStringParts, newHashParts[5];
305	long long nHigh = 0, nLow = 0;
306	int i, n;
307
308	/* Create the MD5 hash */
309	md5_init(&md5c);
310	md5_append(&md5c, (unsigned char *) challenge, strlen(challenge));
311	md5_append(&md5c, (unsigned char *) MSNP11_PROD_KEY, strlen(MSNP11_PROD_KEY));
312	md5_finish(&md5c, md5Hash);
313
314	/* Split it into four integers */
315	md5Parts = (unsigned int *) md5Hash;
316	for (i = 0; i < 4; i++) {
317	md5Parts[i] = GUINT32_TO_LE(md5Parts[i]);
318
319	/* & each integer with 0x7FFFFFFF */
320	/* and save one unmodified array for later */
321	newHashParts[i] = md5Parts[i];
322	md5Parts[i] &= 0x7FFFFFFF;
323	}
324
325	/* make a new string and pad with '0' */
326	n = g_snprintf(buf, sizeof(buf) - 5, "%s%s00000000", challenge, MSNP11_PROD_ID);
327	/* truncate at an 8-byte boundary */
328	buf[n &= ~7] = '\0';
329
330	/* split into integers */
331	chlStringParts = (unsigned int *) buf;
332
333	/* this is magic */
334	for (i = 0; i < (n / 4) - 1; i += 2) {
335	long long temp;
336
337	chlStringParts[i] = GUINT32_TO_LE(chlStringParts[i]);
338	chlStringParts[i + 1] = GUINT32_TO_LE(chlStringParts[i + 1]);
339
340	temp =
341	(md5Parts[0] *
342	(((0x0E79A9C1 *
343	(long long) chlStringParts[i]) % 0x7FFFFFFF) + nHigh) + md5Parts[1]) % 0x7FFFFFFF;
344	nHigh =
345	(md5Parts[2] *
346	(((long long) chlStringParts[i + 1] + temp) % 0x7FFFFFFF) + md5Parts[3]) % 0x7FFFFFFF;
347	nLow = nLow + nHigh + temp;
348	}
349	nHigh = (nHigh + md5Parts[1]) % 0x7FFFFFFF;
350	nLow = (nLow + md5Parts[3]) % 0x7FFFFFFF;
351
352	newHashParts[0] ^= nHigh;
353	newHashParts[1] ^= nLow;
354	newHashParts[2] ^= nHigh;
355	newHashParts[3] ^= nLow;
356
357	/* swap more bytes if big endian */
358	for (i = 0; i < 4; i++) {
359	newHashParts[i] = GUINT32_TO_LE(newHashParts[i]);
360	}
361
362	/* make a string of the parts */
363	newHash = (unsigned char *) newHashParts;
364
365	/* convert to hexadecimal */
366	output = g_new(char, 33);
367	for (i = 0; i < 16; i++) {
368	sprintf(output + i * 2, "%02x", newHash[i]);
369	}
370
371	return output;
372	}
373
374	gint msn_domaintree_cmp(gconstpointer a_, gconstpointer b_)
375	{
376	const char a = a_, b = b_;
377	gint ret;
378
379	if (!(a = strchr(a, '@')) \|\| !(b = strchr(b, '@')) \|\|
380	(ret = strcmp(a, b)) == 0) {
381	ret = strcmp(a_, b_);
382	}
383
384	return ret;
385	}
386
387	struct msn_group msn_group_by_name(struct im_connection ic, const char *name)
388	{
389	struct msn_data *md = ic->proto_data;
390	GSList *l;
391
392	for (l = md->groups; l; l = l->next) {
393	struct msn_group *mg = l->data;
394
395	if (g_strcasecmp(mg->name, name) == 0) {
396	return mg;
397	}
398	}
399
400	return NULL;
401	}
402
403	struct msn_group msn_group_by_id(struct im_connection ic, const char *id)
404	{
405	struct msn_data *md = ic->proto_data;
406	GSList *l;
407
408	for (l = md->groups; l; l = l->next) {
409	struct msn_group *mg = l->data;
410
411	if (g_strcasecmp(mg->id, id) == 0) {
412	return mg;
413	}
414	}
415
416	return NULL;
417	}
418
419	int msn_ns_set_display_name(struct im_connection ic, const char value)
420	{
421	// TODO, implement this through msn_set_away's method
422	return 1;
423	}
424
425	const char msn_normalize_handle(const char handle)
426	{
427	if (strncmp(handle, "1:", 2) == 0) {
428	return handle + 2;
429	} else {
430	return handle;
431	}
432	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: