diff options
Diffstat (limited to 'chat/centericq/patches/patch-ah')
| -rw-r--r-- | chat/centericq/patches/patch-ah | 161 |
1 files changed, 161 insertions, 0 deletions
diff --git a/chat/centericq/patches/patch-ah b/chat/centericq/patches/patch-ah new file mode 100644 index 00000000000..c221113feb3 --- /dev/null +++ b/chat/centericq/patches/patch-ah @@ -0,0 +1,161 @@ +$NetBSD: patch-ah,v 1.1 2005/09/19 19:42:11 adrianp Exp $ + +--- libgadu-0.1/events.c.orig 2004-06-10 20:20:08.000000000 +0100 ++++ libgadu-0.1/events.c +@@ -27,6 +27,7 @@ + #include <arpa/inet.h> + + #include "libgadu-config.h" ++#include "libgadu.h" + + #include <errno.h> + #ifdef __GG_LIBGADU_HAVE_PTHREAD +@@ -153,7 +154,7 @@ int gg_image_queue_remove(struct gg_sess + * - e - opis zdarzenia + * - + */ +-static void gg_image_queue_parse(struct gg_event *e, char *p, int len, struct gg_session *sess, uin_t sender) ++static void gg_image_queue_parse(struct gg_event *e, char *p, unsigned int len, struct gg_session *sess, uin_t sender) + { + struct gg_msg_image_reply *i = (void*) p; + struct gg_image_queue *q, *qq; +@@ -285,7 +286,7 @@ static int gg_handle_recv_msg(struct gg_ + + count = gg_fix32(m->count); + +- if (p + count * sizeof(uin_t) > packet_end) { ++ if (p + count * sizeof(uin_t) > packet_end || p + count * sizeof(uin_t) < p || count > 0xffff) { + gg_debug(GG_DEBUG_MISC, "// gg_handle_recv_msg() packet out of bounds (1.5)\n"); + goto malformed; + } +@@ -296,8 +297,11 @@ static int gg_handle_recv_msg(struct gg_ + goto fail; + } + +- for (i = 0; i < count; i++, p += sizeof(uin_t)) +- e->event.msg.recipients[i] = gg_fix32(*((uint32_t*) p)); ++ for (i = 0; i < count; i++, p += sizeof(uint32_t)) { ++ uint32_t u; ++ memcpy(&u, p, sizeof(uint32_t)); ++ e->event.msg.recipients[i] = gg_fix32(u); ++ } + + e->event.msg.recipients_count = count; + +@@ -306,15 +310,15 @@ static int gg_handle_recv_msg(struct gg_ + + case 0x02: /* richtext */ + { +- unsigned short len; ++ uint16_t len; + char *buf; + + if (p + 3 > packet_end) { + gg_debug(GG_DEBUG_MISC, "// gg_handle_recv_msg() packet out of bounds (2)\n"); + goto malformed; + } +- +- len = gg_fix16(*((unsigned short*) (p + 1))); ++ memcpy(&len, p + 1, sizeof(uint16_t)); ++ len = gg_fix16(len); + + if (!(buf = malloc(len))) { + gg_debug(GG_DEBUG_MISC, "// gg_handle_recv_msg() not enough memory for richtext data\n"); +@@ -361,12 +365,22 @@ static int gg_handle_recv_msg(struct gg_ + case 0x05: /* image_reply */ + case 0x06: + { +- if (p + sizeof(struct gg_msg_image_reply) + 1 > packet_end) { ++ struct gg_msg_image_reply *rep = (void*)p; ++ ++ if (p + sizeof(struct gg_msg_image_reply) == packet_end) { ++ e->type = GG_EVENT_IMAGE_REPLY; ++ e->event.image_reply.sender = gg_fix32(r->sender); ++ e->event.image_reply.size = 0; ++ e->event.image_reply.crc32 = gg_fix32(rep->crc32); ++ e->event.image_reply.filename = NULL; ++ e->event.image_reply.image = NULL; ++ } else if (p + sizeof(struct gg_msg_image_reply) + 1 > packet_end) { + gg_debug(GG_DEBUG_MISC, "// gg_handle_recv_msg() packet out of bounds (4)\n"); + goto malformed; + } +- +- gg_image_queue_parse(e, p, (int)(packet_end - p), sess, gg_fix32(r->sender)); ++ rep->size = gg_fix32(rep->size); ++ rep->crc32 = gg_fix32(rep->crc32); ++ gg_image_queue_parse(e, p, (unsigned int)(packet_end - p), sess, gg_fix32(r->sender)); + + return 0; + } +@@ -443,7 +457,7 @@ static int gg_watch_fd_connected(struct + case GG_NOTIFY_REPLY: + { + struct gg_notify_reply *n = (void*) p; +- int count, i; ++ unsigned int count, i; + char *tmp; + + gg_debug(GG_DEBUG_MISC, "// gg_watch_fd_connected() received a notify reply\n"); +@@ -454,7 +468,7 @@ static int gg_watch_fd_connected(struct + goto fail; + } + +- if (gg_fix32(n->status) == GG_STATUS_BUSY_DESCR || gg_fix32(n->status == GG_STATUS_NOT_AVAIL_DESCR) || gg_fix32(n->status) == GG_STATUS_AVAIL_DESCR) { ++ if (gg_fix32(n->status) == GG_STATUS_BUSY_DESCR || gg_fix32(n->status) == GG_STATUS_NOT_AVAIL_DESCR || gg_fix32(n->status) == GG_STATUS_AVAIL_DESCR) { + e->type = GG_EVENT_NOTIFY_DESCR; + + if (!(e->event.notify_descr.notify = (void*) malloc(sizeof(*n) * 2))) { +@@ -557,6 +571,8 @@ static int gg_watch_fd_connected(struct + e->event.notify60[i].descr = NULL; + e->event.notify60[i].time = 0; + ++ if (uin & 0x40000000) ++ e->event.notify60[i].version |= GG_HAS_AUDIO_MASK; + if (GG_S_D(n->status)) { + unsigned char descr_len = *((char*) n + sizeof(struct gg_notify_reply60)); + +@@ -628,8 +644,11 @@ static int gg_watch_fd_connected(struct + + e->event.status60.descr = buf; + +- if (len > 4 && p[h->length - 5] == 0) +- e->event.status60.time = *((int*) (p + h->length - 4)); ++ if (len > 4 && p[h->length - 5] == 0) { ++ uint32_t t; ++ memcpy(&t, p + h->length - 4, sizeof(uint32_t)); ++ e->event.status60.time = gg_fix32(t); ++ } + } + + break; +@@ -695,7 +714,7 @@ static int gg_watch_fd_connected(struct + + if (h->length > 1) { + char *tmp; +- int len = (sess->userlist_reply) ? strlen(sess->userlist_reply) : 0; ++ unsigned int len = (sess->userlist_reply) ? strlen(sess->userlist_reply) : 0; + + gg_debug(GG_DEBUG_MISC, "userlist_reply=%p, len=%d\n", sess->userlist_reply, len); + +@@ -1336,7 +1355,11 @@ struct gg_event *gg_watch_fd(struct gg_s + free(sess->password); + sess->password = NULL; + +- gg_debug(GG_DEBUG_MISC, "// gg_watch_fd() gg_dcc_ip = %s\n", inet_ntoa(*((struct in_addr*) &gg_dcc_ip))); ++ { ++ struct in_addr dcc_ip; ++ dcc_ip.s_addr = gg_dcc_ip; ++ gg_debug(GG_DEBUG_MISC, "// gg_watch_fd() gg_dcc_ip = %s\n", inet_ntoa(dcc_ip)); ++ } + + if (gg_dcc_ip == (unsigned long) inet_addr("255.255.255.255")) { + struct sockaddr_in sin; +@@ -1363,7 +1386,7 @@ struct gg_event *gg_watch_fd(struct gg_s + + if (sess->external_addr && sess->external_port > 1023) { + l.external_ip = sess->external_addr; +- l.external_port = sess->external_port; ++ l.external_port = gg_fix16(sess->external_port); + } + + gg_debug(GG_DEBUG_TRAFFIC, "// gg_watch_fd() sending GG_LOGIN60 packet\n"); |