From f3b388b80daebb13398f2b6b269eda0aa947e469 Mon Sep 17 00:00:00 2001
From: Benjamin Franzke <benjaminfranzke@googlemail.com>
Date: Mon, 18 Nov 2013 14:37:05 +0100
Subject: recv_user_state: Verify needed, but optional values

We need at least always the session id.
Didn't looked through the mumble source code,
when this event is useful without.

Store a user only, if we've been given a name, id and channel.
---
 src/cmumble.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/cmumble.c b/src/cmumble.c
index c566780..760486f 100644
--- a/src/cmumble.c
+++ b/src/cmumble.c
@@ -153,6 +153,9 @@ recv_user_state(MumbleProto__UserState *state, struct cmumble *cm)
 {
 	struct cmumble_user *user = NULL;
 
+	if (!state->has_session)
+		return;
+
 	user = find_user(cm, state->session);
 	if (user) {
 		/* update */
@@ -163,6 +166,10 @@ recv_user_state(MumbleProto__UserState *state, struct cmumble *cm)
 		return;
 	}
 
+	/* verify input data */
+	if (!state->has_user_id || !state->has_channel_id || !state->name)
+		return;
+
 	user = g_slice_new0(struct cmumble_user);
 	if (user == NULL) {
 		g_printerr("Out of memory.\n");
@@ -172,6 +179,8 @@ recv_user_state(MumbleProto__UserState *state, struct cmumble *cm)
 	user->session = state->session;
 	user->name = g_strdup(state->name);
 	user->id = state->user_id;
+	/* FIXME: error out if channel not found?
+	 * That looks like malicious data. */
 	user->channel = find_channel(cm, state->channel_id);
 
 	if (cm->session == user->session)
-- 
cgit