mir_urlDecode restored

11 files changed, 39 insertions, 21 deletions

diff --git a/include/m_core.h b/include/m_core.h
index 11878f8b60..92b1cd2960 100644
--- a/include/m_core.h
+++ b/include/m_core.h
@@ -153,6 +153,7 @@ MIR_CORE_DLL(pfnExceptionFilter) SetExceptionFilter(pfnExceptionFilter pMirandaE
 ///////////////////////////////////////////////////////////////////////////////

 // http support

 

+MIR_CORE_DLL(char*) mir_urlDecode(const char *szUrl);

 MIR_CORE_DLL(char*) mir_urlEncode(const char *szUrl);

 

 ///////////////////////////////////////////////////////////////////////////////

diff --git a/libs/win32/mir_core.lib b/libs/win32/mir_core.lib
index 9cef4dc7ff..85bbc4d222 100644
--- a/libs/win32/mir_core.lib
+++ b/libs/win32/mir_core.lib
diff --git a/libs/win64/mir_core.lib b/libs/win64/mir_core.lib
index b7233c5ab4..a17a757261 100644
--- a/libs/win64/mir_core.lib
+++ b/libs/win64/mir_core.lib
diff --git a/protocols/Gadu-Gadu/src/oauth.cpp b/protocols/Gadu-Gadu/src/oauth.cpp
index c43b111dba..92abd7feaa 100644
--- a/protocols/Gadu-Gadu/src/oauth.cpp
+++ b/protocols/Gadu-Gadu/src/oauth.cpp
@@ -186,7 +186,7 @@ int oauth_sign_request(LIST<OAUTHPARAMETER> &params, const char *httpmethod, con
 		mir_strcat(key, tsenc);

 

 		BYTE digest[MIR_SHA1_HASH_SIZE];

-		unsigned len = sizeof(digest);

+		unsigned len;

 		HMAC(EVP_sha1(), key, (int)mir_strlen(key), (BYTE*)(char*)text, (int)mir_strlen(text), digest, &len);

 		sign = mir_base64_encode(digest, MIR_SHA1_HASH_SIZE);

 	}

diff --git a/protocols/Icq10/src/server.cpp b/protocols/Icq10/src/server.cpp
index 35db43f06c..0a8f8e9e98 100644
--- a/protocols/Icq10/src/server.cpp
+++ b/protocols/Icq10/src/server.cpp
@@ -95,7 +95,7 @@ void CIcqProto::OnCheckPassword(NETLIBHTTPREQUEST *pReply, AsyncHttpRequest*)
 	case 200:
 		{
 			JSONNode data = response["data"];
-			m_szAToken = data["token"]["a"].as_mstring();
+			m_szAToken = ptrA(mir_urlDecode(data["token"]["a"].as_string().c_str()));
 			m_szSessionSecret = data["sessionSecret"].as_mstring();
 		
 			CMStringA szUin = data["loginId"].as_mstring();
@@ -143,22 +143,13 @@ void CIcqProto::OnCheckPassword(NETLIBHTTPREQUEST *pReply, AsyncHttpRequest*)
 	ptrA szPassword(getStringA("Password"));
 
 	BYTE hashOut[MIR_SHA256_HASH_SIZE];
-	unsigned int len = sizeof(hashOut);
-	HMAC(EVP_sha256(), szPassword.get(), mir_strlen(szPassword), (BYTE*)m_szSessionSecret.c_str(), m_szSessionSecret.GetLength(), hashOut, &len);
+	unsigned int len = 0;
+	HMAC(EVP_sha256(), szPassword.get(), (int)mir_strlen(szPassword), (BYTE*)m_szSessionSecret.c_str(), m_szSessionSecret.GetLength(), hashOut, &len);
 	ptrA szSessionKey(mir_base64_encode(hashOut, sizeof(hashOut)));
 
-	CMStringA hashData(FORMAT, "POST&%s&%s", ptrA(mir_urlEncode(pReq->szUrl)), ptrA(mir_urlEncode(pReq->m_szParam)));
-	HMAC(EVP_sha256(), szSessionKey.get(), mir_strlen(szSessionKey), (BYTE*)hashData.c_str(), hashData.GetLength(), hashOut, &len);
-
-	pReq->m_szParam.Empty();
-	pReq << CHAR_PARAM("a", m_szAToken) << INT_PARAM("activeTimeout", 180) << CHAR_PARAM("assertCaps", CAPS)
-		<< INT_PARAM("buildNumber", __BUILD_NUM) << CHAR_PARAM("clientName", "Miranda NG") << INT_PARAM("clientVersion", 5000)
-		<< CHAR_PARAM("deviceId", szDeviceId) << CHAR_PARAM("events", EVENTS) << CHAR_PARAM("f", "json") << CHAR_PARAM("imf", "plain")
-		<< CHAR_PARAM("inactiveView", "offline") << CHAR_PARAM("includePresenceFields", FIELDS) << CHAR_PARAM("invisible", "false")
-		<< CHAR_PARAM("k", "ic1nmMjqg7Yu-0hL") << INT_PARAM("majorVersion", __MAJOR_VERSION) << INT_PARAM("minorVersion", __MINOR_VERSION)
-		<< INT_PARAM("mobile", 0) << CHAR_PARAM("nonce", nonce) << INT_PARAM("pointVersion", 0) << CHAR_PARAM("r", (char*)szId) 
-		<< INT_PARAM("rawMsg", 0) << INT_PARAM("sessionTimeout", 7776000) << CHAR_PARAM("sig_sha256", ptrA(mir_base64_encode(hashOut, sizeof(hashOut)))) 
-		<< INT_PARAM("ts", ts) << CHAR_PARAM("view", "online");
+	CMStringA hashData(FORMAT, "POST&%s&%s", ptrA(mir_urlEncode(pReq->m_szUrl)), ptrA(mir_urlEncode(pReq->m_szParam)));
+	HMAC(EVP_sha256(), szSessionKey.get(), (int)mir_strlen(szSessionKey), (BYTE*)hashData.c_str(), hashData.GetLength(), hashOut, &len);
+	pReq << CHAR_PARAM("sig_sha256", ptrA(mir_base64_encode(hashOut, sizeof(hashOut))));
 
 	Push(pReq);
 	RpcStringFreeA(&szId);
diff --git a/protocols/JabberG/src/jabber_secur.cpp b/protocols/JabberG/src/jabber_secur.cpp
index 28166d3348..1ed762290e 100644
--- a/protocols/JabberG/src/jabber_secur.cpp
+++ b/protocols/JabberG/src/jabber_secur.cpp
@@ -230,7 +230,7 @@ void TScramAuth::Hi(BYTE* res, char* passw, size_t passwLen, char* salt, size_t
 	memset(res, 0, MIR_SHA1_HASH_SIZE);

 

 	for (int i = 0; i < ind; i++) {

-		unsigned int len = MIR_SHA1_HASH_SIZE;

+		unsigned int len;

 		HMAC(EVP_sha1(), (BYTE*)passw, passwLen, u, bufLen, u, &len);

 		bufLen = MIR_SHA1_HASH_SIZE;

 

@@ -269,7 +269,7 @@ char* TScramAuth::getChallenge(const wchar_t *challenge)
 	Hi(saltedPassw, passw, passwLen, salt, saltLen, ind);

 

 	BYTE clientKey[MIR_SHA1_HASH_SIZE];

-	unsigned int len = sizeof(clientKey);

+	unsigned int len;

 	HMAC(EVP_sha1(), saltedPassw, sizeof(saltedPassw), (BYTE*)"Client Key", 10, clientKey, &len);

 

 	BYTE storedKey[MIR_SHA1_HASH_SIZE];

diff --git a/protocols/MSN/src/msn_auth.cpp b/protocols/MSN/src/msn_auth.cpp
index e478dc6e72..5c5f6bad46 100644
--- a/protocols/MSN/src/msn_auth.cpp
+++ b/protocols/MSN/src/msn_auth.cpp
@@ -524,7 +524,7 @@ static void derive_key(BYTE* der, unsigned char* key, size_t keylen, unsigned ch
 	const size_t buflen = MIR_SHA1_HASH_SIZE + datalen;

 	BYTE* buf = (BYTE*)alloca(buflen);

 

-	unsigned int len = sizeof(hash1);

+	unsigned int len;

 	HMAC(EVP_sha1(), key, keylen, data, datalen, hash1, &len);

 	HMAC(EVP_sha1(), key, keylen, hash1, MIR_SHA1_HASH_SIZE, hash3, &len);

 

@@ -565,7 +565,7 @@ CMStringA CMsnProto::HotmailLogin(const char* url)
 	result.Append(ptrA(mir_urlEncode(noncenc)));

 

 	BYTE hash[MIR_SHA1_HASH_SIZE];

-	unsigned int len = sizeof(hash);

+	unsigned int len;

 	HMAC(EVP_sha1(), key2, sizeof(key2), (BYTE*)result.GetString(), result.GetLength(), hash, &len);

 	ptrA szHash(mir_base64_encode(hash, sizeof(hash)));

 	result.AppendFormat("&hash=%s", ptrA(mir_urlEncode(szHash)));

diff --git a/protocols/Twitter/src/oauth.cpp b/protocols/Twitter/src/oauth.cpp
index b4b00cb8fa..3e6362c397 100644
--- a/protocols/Twitter/src/oauth.cpp
+++ b/protocols/Twitter/src/oauth.cpp
@@ -337,7 +337,7 @@ wstring mir_twitter::OAuthCreateSignature(const wstring& signatureBase, const ws
 	string keyBytes = WideToUTF8(key);

 

 	BYTE digest[MIR_SHA1_HASH_SIZE];

-	unsigned int len = sizeof(digest);

+	unsigned int len;

 	string data = WideToUTF8(signatureBase);

 	HMAC(EVP_sha1(), keyBytes.c_str(), keyBytes.size(), (PBYTE)data.c_str(), data.size(), digest, &len);

 	ptrA encoded(mir_base64_encode(digest, sizeof(digest)));

diff --git a/src/mir_core/src/http.cpp b/src/mir_core/src/http.cpp
index fad969c680..8d4ae7dfd6 100755
--- a/src/mir_core/src/http.cpp
+++ b/src/mir_core/src/http.cpp
@@ -21,6 +21,30 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
 

 static const char szHexDigits[] = "0123456789ABCDEF";

 

+MIR_CORE_DLL(char*) mir_urlDecode(const char *szUrl)

+{

+	if (szUrl == nullptr)

+		return nullptr;

+

+	char *ret = mir_strdup(szUrl);

+

+	for (char *p = ret; *p; p++) {

+		switch (*p) {

+		case '%':

+			int ii;

+			sscanf(p+1, "%2x", &ii);

+			strdel(p, 2);

+			*p = ii;

+			break;

+

+		case '+':

+			*p = ' ';

+			break;

+		}

+	}

+	return ret;

+}

+

 MIR_CORE_DLL(char*) mir_urlEncode(const char *szUrl)

 {

 	if (szUrl == nullptr)

diff --git a/src/mir_core/src/mir_core.def b/src/mir_core/src/mir_core.def
index 4a744c5b5f..2626bbf556 100644
--- a/src/mir_core/src/mir_core.def
+++ b/src/mir_core/src/mir_core.def
@@ -154,6 +154,7 @@ wildcmpi                      @158
 wildcmpiw                     @159

 mir_base64_encode             @160

 mir_base64_decode             @161

+mir_urlDecode                 @162

 db_set_resident               @165

 db_set                        @166

 mir_subclassWindowFull        @218

diff --git a/src/mir_core/src/mir_core64.def b/src/mir_core/src/mir_core64.def
index 3f25e54f77..6a5981c157 100644
--- a/src/mir_core/src/mir_core64.def
+++ b/src/mir_core/src/mir_core64.def
@@ -154,6 +154,7 @@ wildcmpi                      @158
 wildcmpiw                     @159

 mir_base64_encode             @160

 mir_base64_decode             @161

+mir_urlDecode                 @162

 db_set_resident               @165

 db_set                        @166

 mir_subclassWindowFull        @218