stv0g/telegram-purple
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Improve string sanitation in fallback chat

Browse source
This commit is contained in:
mjentsch 2015-07-11 19:32:59 +02:00
parent 8f790253a7
commit 47812f2f72
4 changed files with 37 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
telegram-base.c
View file

@ -451,12 +451,16 @@ static void code_auth_receive_result (struct tgl_state *TLS, void *extra, int su
}
void request_code_entered (gpointer data, const gchar *code) {
char *stripped = g_strstrip (purple_markup_strip_html (code));
struct tgl_state *TLS = data;
connection_data *conn = TLS->ev_base;
char const *username = purple_account_get_username(conn->pa);
debug ("sending code: '%s'\n", stripped);
tgl_do_send_code_result (TLS, username, (int)strlen (username), conn->hash,
(int)strlen (conn->hash), code, (int)strlen (code),
(int)strlen (conn->hash), stripped, (int)strlen (stripped),
code_receive_result, 0);
g_free (stripped);
}
static void request_code_canceled (gpointer data) {
@ -492,18 +496,20 @@ static void request_name_code_entered (PurpleConnection* gc, PurpleRequestFields
struct tgl_state *TLS = conn->TLS;
char const *username = purple_account_get_username(conn->pa);
const char* first = purple_request_fields_get_string(fields, "first_name");
const char* last = purple_request_fields_get_string(fields, "last_name");
const char* code = purple_request_fields_get_string(fields, "code");
char* first = g_strstrip (g_strdup (purple_request_fields_get_string (fields, "first_name")));
char* last = g_strstrip (g_strdup (purple_request_fields_get_string (fields, "last_name")));
char* code = g_strstrip (g_strdup (purple_request_fields_get_string (fields, "code")));
if (!first || !last || !code) {
request_name_and_code (TLS);
return;
}
tgl_do_send_code_result_auth(TLS, username, (int)strlen(username), conn->hash,
tgl_do_send_code_result_auth (TLS, username, (int)strlen(username), conn->hash,
(int)strlen (conn->hash), code, (int)strlen (code), first,
(int)strlen (first), last, (int)strlen (last),
code_auth_receive_result, NULL);
g_free (first);
g_free (last);
g_free (code);
}
static void request_name_and_code (struct tgl_state *TLS) {

10
telegram-purple.c
View file

@ -491,6 +491,12 @@ static int tgprpl_send_im (PurpleConnection * gc, const char *who, const char *m
// this is part of a workaround to support clients without
// the request API (request.h), see telegram-base.c:request_code()
if (conn->in_fallback_chat) {
// OTR plugins may try to insert messages that don't contain the code
if (tgp_startswith (message, "?OTR")) {
info ("Fallback SMS auth, skipping OTR messsage: '%s'", message);
return -1;
}
request_code_entered (conn->TLS, message);
conn->in_fallback_chat = 0;
return 1;
@ -780,7 +786,9 @@ static void tgprpl_init (PurplePlugin *plugin) {
TGP_KEY_PASSWORD_TWO_FACTOR, NULL);
prpl_info.protocol_options = g_list_append(prpl_info.protocol_options, opt);
opt = purple_account_option_bool_new("Fallback SMS Verification", "compat-verification", 0);
opt = purple_account_option_bool_new(
"Fallback SMS verification\n(Helps when not using Pidgin and you aren't being prompted for the code)",
"compat-verification", 0);
prpl_info.protocol_options = g_list_append(prpl_info.protocol_options, opt);

15
tgp-utils.c
View file

@ -142,3 +142,18 @@ const char *tgp_mime_to_filetype (const char *mime) {
}
return NULL;
}
int tgp_startswith (const char *str, const char *with) {
if (! str || !with) {
return FALSE;
}
int slen = strlen (str), wlen = strlen (with);
if (wlen > slen) {
return FALSE;
}
while (*with) if (*str++ != *with++) {
return FALSE;
}
return TRUE;
}

1
tgp-utils.h
View file

@ -50,5 +50,6 @@ char *tgp_g_format_size (gint64 size);
void tgp_g_queue_free_full (GQueue *queue, GDestroyNotify free_func);
void tgp_g_list_free_full (GList *list, GDestroyNotify free_func);
const char *tgp_mime_to_filetype (const char *mime);
int tgp_startswith (const char *str, const char *with);
#endif