From 61e7e02096c7910addba32a9060a5e0cba68284b Mon Sep 17 00:00:00 2001 From: dequis Date: Mon, 8 Jun 2015 00:25:18 -0300 Subject: twitter: fix leak of the letter "s" in twitter_url_len_diff Yeah, just the letter s from "https", and a null byte. Really critical stuff. You'd have to post a million tweets to even notice this at all. --- protocols/twitter/twitter.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'protocols') diff --git a/protocols/twitter/twitter.c b/protocols/twitter/twitter.c index 8c7e5ea9..7eb948ad 100644 --- a/protocols/twitter/twitter.c +++ b/protocols/twitter/twitter.c @@ -468,11 +468,15 @@ int twitter_url_len_diff(gchar *msg, unsigned int target_len) g_regex_match(regex, msg, 0, &match_info); while (g_match_info_matches(match_info)) { - gchar *url = g_match_info_fetch(match_info, 2); + gchar *s, *url; + + url = g_match_info_fetch(match_info, 2); url_len_diff += target_len - g_utf8_strlen(url, -1); + /* Add another character for https://t.co/... URLs */ - if (g_match_info_fetch(match_info, 3) != NULL) { + if ((s = g_match_info_fetch(match_info, 3))) { url_len_diff += 1; + g_free(s); } g_free(url); g_match_info_next(match_info, NULL); -- cgit v1.2.3