5 files changed, 12 insertions, 21 deletions

diff --git a/protocols/Gadu-Gadu/src/oauth.cpp b/protocols/Gadu-Gadu/src/oauth.cpp
index c43b111dba..92abd7feaa 100644
--- a/protocols/Gadu-Gadu/src/oauth.cpp
+++ b/protocols/Gadu-Gadu/src/oauth.cpp
@@ -186,7 +186,7 @@ int oauth_sign_request(LIST<OAUTHPARAMETER> &params, const char *httpmethod, con
 		mir_strcat(key, tsenc);

 

 		BYTE digest[MIR_SHA1_HASH_SIZE];

-		unsigned len = sizeof(digest);

+		unsigned len;

 		HMAC(EVP_sha1(), key, (int)mir_strlen(key), (BYTE*)(char*)text, (int)mir_strlen(text), digest, &len);

 		sign = mir_base64_encode(digest, MIR_SHA1_HASH_SIZE);

 	}

diff --git a/protocols/Icq10/src/server.cpp b/protocols/Icq10/src/server.cpp
index 35db43f06c..0a8f8e9e98 100644
--- a/protocols/Icq10/src/server.cpp
+++ b/protocols/Icq10/src/server.cpp
@@ -95,7 +95,7 @@ void CIcqProto::OnCheckPassword(NETLIBHTTPREQUEST *pReply, AsyncHttpRequest*)
 	case 200:
 		{
 			JSONNode data = response["data"];
-			m_szAToken = data["token"]["a"].as_mstring();
+			m_szAToken = ptrA(mir_urlDecode(data["token"]["a"].as_string().c_str()));
 			m_szSessionSecret = data["sessionSecret"].as_mstring();
 		
 			CMStringA szUin = data["loginId"].as_mstring();
@@ -143,22 +143,13 @@ void CIcqProto::OnCheckPassword(NETLIBHTTPREQUEST *pReply, AsyncHttpRequest*)
 	ptrA szPassword(getStringA("Password"));
 
 	BYTE hashOut[MIR_SHA256_HASH_SIZE];
-	unsigned int len = sizeof(hashOut);
-	HMAC(EVP_sha256(), szPassword.get(), mir_strlen(szPassword), (BYTE*)m_szSessionSecret.c_str(), m_szSessionSecret.GetLength(), hashOut, &len);
+	unsigned int len = 0;
+	HMAC(EVP_sha256(), szPassword.get(), (int)mir_strlen(szPassword), (BYTE*)m_szSessionSecret.c_str(), m_szSessionSecret.GetLength(), hashOut, &len);
 	ptrA szSessionKey(mir_base64_encode(hashOut, sizeof(hashOut)));
 
-	CMStringA hashData(FORMAT, "POST&%s&%s", ptrA(mir_urlEncode(pReq->szUrl)), ptrA(mir_urlEncode(pReq->m_szParam)));
-	HMAC(EVP_sha256(), szSessionKey.get(), mir_strlen(szSessionKey), (BYTE*)hashData.c_str(), hashData.GetLength(), hashOut, &len);
-
-	pReq->m_szParam.Empty();
-	pReq << CHAR_PARAM("a", m_szAToken) << INT_PARAM("activeTimeout", 180) << CHAR_PARAM("assertCaps", CAPS)
-		<< INT_PARAM("buildNumber", __BUILD_NUM) << CHAR_PARAM("clientName", "Miranda NG") << INT_PARAM("clientVersion", 5000)
-		<< CHAR_PARAM("deviceId", szDeviceId) << CHAR_PARAM("events", EVENTS) << CHAR_PARAM("f", "json") << CHAR_PARAM("imf", "plain")
-		<< CHAR_PARAM("inactiveView", "offline") << CHAR_PARAM("includePresenceFields", FIELDS) << CHAR_PARAM("invisible", "false")
-		<< CHAR_PARAM("k", "ic1nmMjqg7Yu-0hL") << INT_PARAM("majorVersion", __MAJOR_VERSION) << INT_PARAM("minorVersion", __MINOR_VERSION)
-		<< INT_PARAM("mobile", 0) << CHAR_PARAM("nonce", nonce) << INT_PARAM("pointVersion", 0) << CHAR_PARAM("r", (char*)szId) 
-		<< INT_PARAM("rawMsg", 0) << INT_PARAM("sessionTimeout", 7776000) << CHAR_PARAM("sig_sha256", ptrA(mir_base64_encode(hashOut, sizeof(hashOut)))) 
-		<< INT_PARAM("ts", ts) << CHAR_PARAM("view", "online");
+	CMStringA hashData(FORMAT, "POST&%s&%s", ptrA(mir_urlEncode(pReq->m_szUrl)), ptrA(mir_urlEncode(pReq->m_szParam)));
+	HMAC(EVP_sha256(), szSessionKey.get(), (int)mir_strlen(szSessionKey), (BYTE*)hashData.c_str(), hashData.GetLength(), hashOut, &len);
+	pReq << CHAR_PARAM("sig_sha256", ptrA(mir_base64_encode(hashOut, sizeof(hashOut))));
 
 	Push(pReq);
 	RpcStringFreeA(&szId);
diff --git a/protocols/JabberG/src/jabber_secur.cpp b/protocols/JabberG/src/jabber_secur.cpp
index 28166d3348..1ed762290e 100644
--- a/protocols/JabberG/src/jabber_secur.cpp
+++ b/protocols/JabberG/src/jabber_secur.cpp
@@ -230,7 +230,7 @@ void TScramAuth::Hi(BYTE* res, char* passw, size_t passwLen, char* salt, size_t
 	memset(res, 0, MIR_SHA1_HASH_SIZE);

 

 	for (int i = 0; i < ind; i++) {

-		unsigned int len = MIR_SHA1_HASH_SIZE;

+		unsigned int len;

 		HMAC(EVP_sha1(), (BYTE*)passw, passwLen, u, bufLen, u, &len);

 		bufLen = MIR_SHA1_HASH_SIZE;

 

@@ -269,7 +269,7 @@ char* TScramAuth::getChallenge(const wchar_t *challenge)
 	Hi(saltedPassw, passw, passwLen, salt, saltLen, ind);

 

 	BYTE clientKey[MIR_SHA1_HASH_SIZE];

-	unsigned int len = sizeof(clientKey);

+	unsigned int len;

 	HMAC(EVP_sha1(), saltedPassw, sizeof(saltedPassw), (BYTE*)"Client Key", 10, clientKey, &len);

 

 	BYTE storedKey[MIR_SHA1_HASH_SIZE];

diff --git a/protocols/MSN/src/msn_auth.cpp b/protocols/MSN/src/msn_auth.cpp
index e478dc6e72..5c5f6bad46 100644
--- a/protocols/MSN/src/msn_auth.cpp
+++ b/protocols/MSN/src/msn_auth.cpp
@@ -524,7 +524,7 @@ static void derive_key(BYTE* der, unsigned char* key, size_t keylen, unsigned ch
 	const size_t buflen = MIR_SHA1_HASH_SIZE + datalen;

 	BYTE* buf = (BYTE*)alloca(buflen);

 

-	unsigned int len = sizeof(hash1);

+	unsigned int len;

 	HMAC(EVP_sha1(), key, keylen, data, datalen, hash1, &len);

 	HMAC(EVP_sha1(), key, keylen, hash1, MIR_SHA1_HASH_SIZE, hash3, &len);

 

@@ -565,7 +565,7 @@ CMStringA CMsnProto::HotmailLogin(const char* url)
 	result.Append(ptrA(mir_urlEncode(noncenc)));

 

 	BYTE hash[MIR_SHA1_HASH_SIZE];

-	unsigned int len = sizeof(hash);

+	unsigned int len;

 	HMAC(EVP_sha1(), key2, sizeof(key2), (BYTE*)result.GetString(), result.GetLength(), hash, &len);

 	ptrA szHash(mir_base64_encode(hash, sizeof(hash)));

 	result.AppendFormat("&hash=%s", ptrA(mir_urlEncode(szHash)));

diff --git a/protocols/Twitter/src/oauth.cpp b/protocols/Twitter/src/oauth.cpp
index b4b00cb8fa..3e6362c397 100644
--- a/protocols/Twitter/src/oauth.cpp
+++ b/protocols/Twitter/src/oauth.cpp
@@ -337,7 +337,7 @@ wstring mir_twitter::OAuthCreateSignature(const wstring& signatureBase, const ws
 	string keyBytes = WideToUTF8(key);

 

 	BYTE digest[MIR_SHA1_HASH_SIZE];

-	unsigned int len = sizeof(digest);

+	unsigned int len;

 	string data = WideToUTF8(signatureBase);

 	HMAC(EVP_sha1(), keyBytes.c_str(), keyBytes.size(), (PBYTE)data.c_str(), data.size(), digest, &len);

 	ptrA encoded(mir_base64_encode(digest, sizeof(digest)));