Use glib functions for base64 decoding/encoding

This fixes several coverity warnings about 'tainted data index sink' and
a fixme about thread safety in the old base64_decode implementation.

Had to adapt the code that used base64_encode_real:

 - oauth.c: different character set order, but it's for the nonce so it
   doesn't matter
 - libyahoo2.c: used as part of the auth, changes "+/=" into "._-".
   Fixed by encoding first the usual way through glib, then replacing.

1 files changed, 17 insertions, 2 deletions

diff --git a/protocols/yahoo/libyahoo2.c b/protocols/yahoo/libyahoo2.c
index 972ee134..fe40786b 100644
--- a/protocols/yahoo/libyahoo2.c
+++ b/protocols/yahoo/libyahoo2.c
@@ -680,10 +680,25 @@ static void yahoo_packet_dump(unsigned char *data, int len)
 	}
 }
 
-/* raw bytes in quasi-big-endian order to base 64 string (NUL-terminated) */
+/* yahoo's variant of base64 */
 static void to_y64(unsigned char *out, const unsigned char *in, int inlen)
 {
-	base64_encode_real(in, inlen, out, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789._-");
+	char *encoded = base64_encode(in, inlen);
+	int i = 0;
+
+	do {
+		if (encoded[i] == '+') {
+			out[i] = '.';
+		} else if (encoded[i] == '/') {
+			out[i] = '_';
+		} else if (encoded[i] == '=') {
+			out[i] = '-';
+		} else {
+			out[i] = encoded[i];
+		}
+	} while (encoded[i++]);
+
+	g_free(encoded);
 }
 
 static void yahoo_add_to_send_queue(struct yahoo_input_data *yid, void *data,