Mercurial > pidgin3 / changeset

--- a/libpurple/http.c	Sun Oct 14 19:40:06 2018 -0400
+++ b/libpurple/http.c	Thu Oct 25 18:16:57 2018 +1300
@@ -30,14 +30,14 @@
 #include "purple-gio.h"
 
 #define PURPLE_HTTP_URL_CREDENTIALS_CHARS "a-z0-9.,~_/*!&%?=+\\^-"
-#define PURPLE_HTTP_MAX_RECV_BUFFER_LEN 10240
-#define PURPLE_HTTP_MAX_READ_BUFFER_LEN 10240
+#define PURPLE_HTTP_MAX_RECV_BUFFER_LEN 102400
+#define PURPLE_HTTP_MAX_READ_BUFFER_LEN 102400
 #define PURPLE_HTTP_GZ_BUFF_LEN 1024
 
 #define PURPLE_HTTP_REQUEST_DEFAULT_MAX_REDIRECTS 20
 #define PURPLE_HTTP_REQUEST_DEFAULT_TIMEOUT 30
 #define PURPLE_HTTP_REQUEST_DEFAULT_MAX_LENGTH 1048576
-#define PURPLE_HTTP_REQUEST_HARD_MAX_LENGTH G_MAXINT32-1
+#define PURPLE_HTTP_REQUEST_HARD_MAX_LENGTH (G_MAXINT32 - 1)
 
 #define PURPLE_HTTP_PROGRESS_WATCHER_DEFAULT_INTERVAL 250000
 
@@ -338,15 +338,17 @@
 		d_year, month, d_date, d_time);
 
 	g_free(d_date);
-	g_free(d_month);
 	g_free(d_year);
 	g_free(d_time);
 
 	if (month > 12) {
 		purple_debug_warning("http", "Invalid month: %s\n", d_month);
+		g_free(d_month);
 		g_free(iso_date);
 		return 0;
 	}
+	
+	g_free(d_month);
 
 	t = purple_str_to_time(iso_date, TRUE, NULL, NULL, NULL);
 
@@ -438,6 +440,7 @@
 				error->message);
 			g_clear_error(&error);
 			gzs->failed = TRUE;
+			g_string_free(ret, TRUE);
 			return NULL;
 		}
 	}
@@ -834,6 +837,17 @@
 	purple_http_conn_cancel(hc);
 }
 
+static void memset_zero(gpointer pnt, gsize len)
+{
+	volatile unsigned char *volatile pnt_ =
+		(volatile unsigned char *volatile) pnt;
+	size_t i = (size_t) 0U;
+
+	while (i < len) {
+		pnt_[i++] = 0U;
+	}
+}
+
 static void _purple_http_gen_headers(PurpleHttpConnection *hc)
 {
 	GString *h;
@@ -897,7 +911,7 @@
 		purple_http_request_is_method(req, "post")))
 	{
 		g_string_append_printf(h, "Content-Length: %u\r\n",
-			req->contents_length);
+			(guint) req->contents_length);
 	}
 
 	if (proxy_http)
@@ -915,7 +929,7 @@
 		tmp = g_strdup_printf("%s:%s", proxy_username, proxy_password);
 		len = strlen(tmp);
 		proxy_auth = g_base64_encode((const guchar *)tmp, len);
-		memset(tmp, 0, len);
+		memset_zero(tmp, len);
 		g_free(tmp);
 
 		ntlm_type1 = purple_http_ntlm_gen_type1(purple_get_host_name(),
@@ -927,7 +941,7 @@
 			ntlm_type1);
 		g_string_append(h, "Proxy-Connection: close\r\n"); /* TEST: proxy+KeepAlive */
 
-		memset(proxy_auth, 0, strlen(proxy_auth));
+		memset_zero(proxy_auth, strlen(proxy_auth));
 		g_free(proxy_auth);
 		g_free(ntlm_type1);
 	}
@@ -1307,7 +1321,11 @@
 			int buffer_len = hc->response_buffer->len;
 			gchar *buffer = g_string_free(hc->response_buffer, FALSE);
 			hc->response_buffer = NULL;
-			_purple_http_recv_body(hc, buffer, buffer_len);
+			if (!_purple_http_recv_body(hc, buffer, buffer_len))
+			{
+				g_free(buffer);
+				return FALSE;
+			}
 			g_free(buffer);
 		}
 		if (!hc->headers_got)
@@ -1578,6 +1596,10 @@
 	if (hc->response_buffer)
 		g_string_free(hc->response_buffer, TRUE);
 	hc->response_buffer = NULL;
+	
+	if (hc->gz_stream)
+		purple_http_gz_free(hc->gz_stream);
+	hc->gz_stream = NULL;
 
 	if (hc->socket_request)
 		purple_http_keepalive_pool_request_cancel(hc->socket_request);
@@ -1876,7 +1898,9 @@
 			http_conn);
 	}
 
-	http_conn->response->code = 0;
+	if (http_conn->response != NULL) {
+		http_conn->response->code = 0;
+	}
 	_purple_http_disconnect(http_conn, FALSE);
 	purple_http_connection_terminate(http_conn);
 }
@@ -1889,7 +1913,9 @@
 
 	purple_debug_info("http", "Retrying connection %p...\n", http_conn);
 
-	http_conn->response->code = 0;
+	if (http_conn->response != NULL) {
+		http_conn->response->code = 0;
+	}
 	_purple_http_disconnect(http_conn, FALSE);
 	_purple_http_reconnect(http_conn);
 }
@@ -1905,7 +1931,7 @@
 
 	gc_list = g_hash_table_lookup(purple_http_hc_by_gc, gc);
 
-	g_hash_table_insert(purple_http_cancelling_gc, gc, GINT_TO_POINTER(TRUE));
+	g_hash_table_insert(purple_http_cancelling_gc, gc, GINT_TO_POINTER(1));
 
 	while (gc_list) {
 		PurpleHttpConnection *hc = gc_list->data;
@@ -2590,7 +2616,7 @@
 		purple_http_connection_set_remove(http_conn->connection_set,
 			http_conn);
 	}
-	g_hash_table_insert(set->connections, http_conn, (gpointer)TRUE);
+	g_hash_table_insert(set->connections, http_conn, GINT_TO_POINTER(1));
 	http_conn->connection_set = set;
 }
 
@@ -3235,7 +3261,9 @@
 	if (parsed_url->username || parsed_url->password) {
 		if (parsed_url->username)
 			g_string_append(url, parsed_url->username);
-		g_string_append_printf(url, ":%s", parsed_url->password);
+		g_string_append_c(url, ':');
+		if (parsed_url->password)
+			g_string_append(url, parsed_url->password);
 		g_string_append(url, "@");
 		before_host_printed = TRUE;
 	}
@@ -3381,8 +3409,9 @@
 	g_regex_unref(purple_http_re_rfc1123);
 	purple_http_re_rfc1123 = NULL;
 
-	g_list_foreach(purple_http_hc_list, purple_http_foreach_conn_cancel,
-		NULL);
+	if (purple_http_hc_list != NULL) {
+		g_list_foreach(purple_http_hc_list, purple_http_foreach_conn_cancel, NULL);
+	}
 
 	if (purple_http_hc_list != NULL ||
 		0 != g_hash_table_size(purple_http_hc_by_ptr) ||