From b38d399811a556b07a088ec05b947e56397e557b Mon Sep 17 00:00:00 2001 From: dequis Date: Mon, 24 Nov 2014 02:16:09 -0300 Subject: Use glib functions for base64 decoding/encoding This fixes several coverity warnings about 'tainted data index sink' and a fixme about thread safety in the old base64_decode implementation. Had to adapt the code that used base64_encode_real: - oauth.c: different character set order, but it's for the nonce so it doesn't matter - libyahoo2.c: used as part of the auth, changes "+/=" into "._-". Fixed by encoding first the usual way through glib, then replacing. --- protocols/yahoo/libyahoo2.c | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) (limited to 'protocols') diff --git a/protocols/yahoo/libyahoo2.c b/protocols/yahoo/libyahoo2.c index 972ee134..fe40786b 100644 --- a/protocols/yahoo/libyahoo2.c +++ b/protocols/yahoo/libyahoo2.c @@ -680,10 +680,25 @@ static void yahoo_packet_dump(unsigned char *data, int len) } } -/* raw bytes in quasi-big-endian order to base 64 string (NUL-terminated) */ +/* yahoo's variant of base64 */ static void to_y64(unsigned char *out, const unsigned char *in, int inlen) { - base64_encode_real(in, inlen, out, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789._-"); + char *encoded = base64_encode(in, inlen); + int i = 0; + + do { + if (encoded[i] == '+') { + out[i] = '.'; + } else if (encoded[i] == '/') { + out[i] = '_'; + } else if (encoded[i] == '=') { + out[i] = '-'; + } else { + out[i] = encoded[i]; + } + } while (encoded[i++]); + + g_free(encoded); } static void yahoo_add_to_send_queue(struct yahoo_input_data *yid, void *data, -- cgit v1.2.3