GSList * msn_tlvlist_read(const char *bs, size_t bs_len) { GSList *list = NULL; while (bs_len > 0) { guint8 type, length; msn_tlv_t *tlv; if (bs_len == 3 && *bs == 0) { /* Padding to multiple of 4 */ break; } else if (bs_len == 2 && *bs == 0) { /* Padding to multiple of 4 */ break; } else if (bs_len == 1) { if (*bs == 0) { /* Padding to multiple of 4 */ break; } else { /* TLV is not small enough to fit here */ msn_tlvlist_free(list); return NULL; } } type = msn_pop8(bs); length = msn_pop8(bs); bs_len -= 2; if (length > bs_len) { msn_tlvlist_free(list); return NULL; } tlv = createtlv(type, length, NULL); if (length > 0) { tlv->value = g_memdup(bs, length); if (!tlv->value) { freetlv(tlv); msn_tlvlist_free(list); return NULL; } } bs_len -= length; bs += length; list = g_slist_prepend(list, tlv); } return g_slist_reverse(list); }
/** * Read a TLV chain from a buffer. * * Reads and parses a series of TLV patterns from a data buffer; the * returned structure is manipulatable with the rest of the TLV * routines. When done with a TLV chain, aim_tlvlist_free() should * be called to free the dynamic substructures. * * XXX There should be a flag setable here to have the tlvlist contain * bstream references, so that at least the ->value portion of each * element doesn't need to be malloc/memcpy'd. This could prove to be * just as effecient as the in-place TLV parsing used in a couple places * in libfaim. * * @param bs Input bstream * @param num The max number of TLVs that will be read, or -1 if unlimited. * There are a number of places where you want to read in a tlvchain, * but the chain is not at the end of the SNAC, and the chain is * preceeded by the number of TLVs. So you can limit that with this. */ faim_internal aim_tlvlist_t *aim_tlvlist_readnum(aim_bstream_t *bs, fu16_t num) { aim_tlvlist_t *list = NULL, *cur; while ((aim_bstream_empty(bs) > 0) && (num != 0)) { fu16_t type, length; type = aimbs_get16(bs); length = aimbs_get16(bs); if (length > aim_bstream_empty(bs)) { aim_tlvlist_free(&list); return NULL; } cur = (aim_tlvlist_t *)malloc(sizeof(aim_tlvlist_t)); if (!cur) { aim_tlvlist_free(&list); return NULL; } memset(cur, 0, sizeof(aim_tlvlist_t)); cur->tlv = createtlv(type, length, NULL); if (!cur->tlv) { free(cur); aim_tlvlist_free(&list); return NULL; } if (cur->tlv->length > 0) { cur->tlv->value = aimbs_getraw(bs, length); if (!cur->tlv->value) { freetlv(&cur->tlv); free(cur); aim_tlvlist_free(&list); return NULL; } } if (num > 0) num--; cur->next = list; list = cur; } return list; }
/** * aim_readtlvchain_len - Read a TLV chain from a buffer. * @param bs Input bstream * @param len The max length in bytes that will be read. * There are a number of places where you want to read in a tlvchain, * but the chain is not at the end of the SNAC, and the chain is * preceeded by the length of the TLVs. So you can limit that with this. * * Reads and parses a series of TLV patterns from a data buffer; the * returned structure is manipulatable with the rest of the TLV * routines. When done with a TLV chain, aim_freetlvchain() should * be called to free the dynamic substructures. * * XXX There should be a flag setable here to have the tlvlist contain * bstream references, so that at least the ->value portion of each * element doesn't need to be malloc/memcpy'd. This could prove to be * just as effecient as the in-place TLV parsing used in a couple places * in libfaim. * */ faim_internal aim_tlvlist_t *aim_readtlvchain_len(aim_bstream_t *bs, fu16_t len) { aim_tlvlist_t *list = NULL, *cur; while ((aim_bstream_empty(bs) > 0) && (len > 0)) { fu16_t type, length; type = aimbs_get16(bs); length = aimbs_get16(bs); if (length > aim_bstream_empty(bs)) { aim_freetlvchain(&list); return NULL; } cur = (aim_tlvlist_t *)malloc(sizeof(aim_tlvlist_t)); if (!cur) { aim_freetlvchain(&list); return NULL; } memset(cur, 0, sizeof(aim_tlvlist_t)); cur->tlv = createtlv(); if (!cur->tlv) { free(cur); aim_freetlvchain(&list); return NULL; } cur->tlv->type = type; if ((cur->tlv->length = length)) { cur->tlv->value = aimbs_getraw(bs, length); if (!cur->tlv->value) { freetlv(&cur->tlv); free(cur); aim_freetlvchain(&list); return NULL; } } len -= aim_sizetlvchain(&cur); cur->next = list; list = cur; } return list; }
static GSList * aim_tlv_read(GSList *list, ByteStream *bs) { guint16 type, length; aim_tlv_t *tlv; type = byte_stream_get16(bs); length = byte_stream_get16(bs); #if 0 /* * This code hasn't been needed in years. It's been commented * out since 2003, at the latest. It seems likely that it was * just a bug in their server code that has since been fixed. * In any case, here's the orignal comment, kept for historical * purposes: * * Okay, so now AOL has decided that any TLV of * type 0x0013 can only be two bytes, despite * what the actual given length is. So here * we dump any invalid TLVs of that sort. Hopefully * there's no special cases to this special case. * - mid (30jun2000) */ if ((type == 0x0013) && (length != 0x0002)) { length = 0x0002; return list; } #endif if (length > byte_stream_empty(bs)) { aim_tlvlist_free(list); return NULL; } tlv = createtlv(type, length, NULL); if (tlv->length > 0) { tlv->value = byte_stream_getraw(bs, length); if (!tlv->value) { freetlv(tlv); aim_tlvlist_free(list); return NULL; } } return g_slist_prepend(list, tlv); }
/** * aim_freetlvchain - Free a TLV chain structure * @list: Chain to be freed * * Walks the list of TLVs in the passed TLV chain and * frees each one. Note that any references to this data * should be removed before calling this. * */ faim_internal void aim_freetlvchain(aim_tlvlist_t **list) { aim_tlvlist_t *cur; if (!list || !*list) return; for (cur = *list; cur; ) { aim_tlvlist_t *tmp; freetlv(&cur->tlv); tmp = cur->next; free(cur); cur = tmp; } list = NULL; return; }
/** * Read a TLV chain from a buffer. * * Reads and parses a series of TLV patterns from a data buffer; the * returned structure is manipulatable with the rest of the TLV * routines. When done with a TLV chain, aim_tlvlist_free() should * be called to free the dynamic substructures. * * XXX There should be a flag setable here to have the tlvlist contain * bstream references, so that at least the ->value portion of each * element doesn't need to be malloc/memcpy'd. This could prove to be * just as effecient as the in-place TLV parsing used in a couple places * in libfaim. * * @param bs Input bstream */ faim_internal aim_tlvlist_t *aim_tlvlist_read(aim_bstream_t *bs) { aim_tlvlist_t *list = NULL, *cur; while (aim_bstream_empty(bs) > 0) { fu16_t type, length; type = aimbs_get16(bs); length = aimbs_get16(bs); #if 0 /* temporarily disabled until I know if they're still doing it or not */ /* * Okay, so now AOL has decided that any TLV of * type 0x0013 can only be two bytes, despite * what the actual given length is. So here * we dump any invalid TLVs of that sort. Hopefully * theres no special cases to this special case. * - mid (30jun2000) */ if ((type == 0x0013) && (length != 0x0002)) length = 0x0002; #else if (0) ; #endif else { if (length > aim_bstream_empty(bs)) { aim_tlvlist_free(&list); return NULL; } cur = (aim_tlvlist_t *)malloc(sizeof(aim_tlvlist_t)); if (!cur) { aim_tlvlist_free(&list); return NULL; } memset(cur, 0, sizeof(aim_tlvlist_t)); cur->tlv = createtlv(type, length, NULL); if (!cur->tlv) { free(cur); aim_tlvlist_free(&list); return NULL; } if (cur->tlv->length > 0) { cur->tlv->value = aimbs_getraw(bs, length); if (!cur->tlv->value) { freetlv(&cur->tlv); free(cur); aim_tlvlist_free(&list); return NULL; } } cur->next = list; list = cur; } } return list; }