From 972fa306badc2e072d65cec43c37496aa952eee0 Mon Sep 17 00:00:00 2001
From: George Hazan <ghazan@miranda.im>
Date: Mon, 24 Dec 2018 13:59:13 +0300
Subject: mir_urlDecode restored

---
 include/m_core.h                       |   1 +
 libs/win32/mir_core.lib                | Bin 322524 -> 322734 bytes
 libs/win64/mir_core.lib                | Bin 323658 -> 323850 bytes
 protocols/Gadu-Gadu/src/oauth.cpp      |   2 +-
 protocols/Icq10/src/server.cpp         |  21 ++++++---------------
 protocols/JabberG/src/jabber_secur.cpp |   4 ++--
 protocols/MSN/src/msn_auth.cpp         |   4 ++--
 protocols/Twitter/src/oauth.cpp        |   2 +-
 src/mir_core/src/http.cpp              |  24 ++++++++++++++++++++++++
 src/mir_core/src/mir_core.def          |   1 +
 src/mir_core/src/mir_core64.def        |   1 +
 11 files changed, 39 insertions(+), 21 deletions(-)

diff --git a/include/m_core.h b/include/m_core.h
index 11878f8b60..92b1cd2960 100644
--- a/include/m_core.h
+++ b/include/m_core.h
@@ -153,6 +153,7 @@ MIR_CORE_DLL(pfnExceptionFilter) SetExceptionFilter(pfnExceptionFilter pMirandaE
 ///////////////////////////////////////////////////////////////////////////////
 // http support
 
+MIR_CORE_DLL(char*) mir_urlDecode(const char *szUrl);
 MIR_CORE_DLL(char*) mir_urlEncode(const char *szUrl);
 
 ///////////////////////////////////////////////////////////////////////////////
diff --git a/libs/win32/mir_core.lib b/libs/win32/mir_core.lib
index 9cef4dc7ff..85bbc4d222 100644
Binary files a/libs/win32/mir_core.lib and b/libs/win32/mir_core.lib differ
diff --git a/libs/win64/mir_core.lib b/libs/win64/mir_core.lib
index b7233c5ab4..a17a757261 100644
Binary files a/libs/win64/mir_core.lib and b/libs/win64/mir_core.lib differ
diff --git a/protocols/Gadu-Gadu/src/oauth.cpp b/protocols/Gadu-Gadu/src/oauth.cpp
index c43b111dba..92abd7feaa 100644
--- a/protocols/Gadu-Gadu/src/oauth.cpp
+++ b/protocols/Gadu-Gadu/src/oauth.cpp
@@ -186,7 +186,7 @@ int oauth_sign_request(LIST<OAUTHPARAMETER> &params, const char *httpmethod, con
 		mir_strcat(key, tsenc);
 
 		BYTE digest[MIR_SHA1_HASH_SIZE];
-		unsigned len = sizeof(digest);
+		unsigned len;
 		HMAC(EVP_sha1(), key, (int)mir_strlen(key), (BYTE*)(char*)text, (int)mir_strlen(text), digest, &len);
 		sign = mir_base64_encode(digest, MIR_SHA1_HASH_SIZE);
 	}
diff --git a/protocols/Icq10/src/server.cpp b/protocols/Icq10/src/server.cpp
index 35db43f06c..0a8f8e9e98 100644
--- a/protocols/Icq10/src/server.cpp
+++ b/protocols/Icq10/src/server.cpp
@@ -95,7 +95,7 @@ void CIcqProto::OnCheckPassword(NETLIBHTTPREQUEST *pReply, AsyncHttpRequest*)
 	case 200:
 		{
 			JSONNode data = response["data"];
-			m_szAToken = data["token"]["a"].as_mstring();
+			m_szAToken = ptrA(mir_urlDecode(data["token"]["a"].as_string().c_str()));
 			m_szSessionSecret = data["sessionSecret"].as_mstring();
 		
 			CMStringA szUin = data["loginId"].as_mstring();
@@ -143,22 +143,13 @@ void CIcqProto::OnCheckPassword(NETLIBHTTPREQUEST *pReply, AsyncHttpRequest*)
 	ptrA szPassword(getStringA("Password"));
 
 	BYTE hashOut[MIR_SHA256_HASH_SIZE];
-	unsigned int len = sizeof(hashOut);
-	HMAC(EVP_sha256(), szPassword.get(), mir_strlen(szPassword), (BYTE*)m_szSessionSecret.c_str(), m_szSessionSecret.GetLength(), hashOut, &len);
+	unsigned int len = 0;
+	HMAC(EVP_sha256(), szPassword.get(), (int)mir_strlen(szPassword), (BYTE*)m_szSessionSecret.c_str(), m_szSessionSecret.GetLength(), hashOut, &len);
 	ptrA szSessionKey(mir_base64_encode(hashOut, sizeof(hashOut)));
 
-	CMStringA hashData(FORMAT, "POST&%s&%s", ptrA(mir_urlEncode(pReq->szUrl)), ptrA(mir_urlEncode(pReq->m_szParam)));
-	HMAC(EVP_sha256(), szSessionKey.get(), mir_strlen(szSessionKey), (BYTE*)hashData.c_str(), hashData.GetLength(), hashOut, &len);
-
-	pReq->m_szParam.Empty();
-	pReq << CHAR_PARAM("a", m_szAToken) << INT_PARAM("activeTimeout", 180) << CHAR_PARAM("assertCaps", CAPS)
-		<< INT_PARAM("buildNumber", __BUILD_NUM) << CHAR_PARAM("clientName", "Miranda NG") << INT_PARAM("clientVersion", 5000)
-		<< CHAR_PARAM("deviceId", szDeviceId) << CHAR_PARAM("events", EVENTS) << CHAR_PARAM("f", "json") << CHAR_PARAM("imf", "plain")
-		<< CHAR_PARAM("inactiveView", "offline") << CHAR_PARAM("includePresenceFields", FIELDS) << CHAR_PARAM("invisible", "false")
-		<< CHAR_PARAM("k", "ic1nmMjqg7Yu-0hL") << INT_PARAM("majorVersion", __MAJOR_VERSION) << INT_PARAM("minorVersion", __MINOR_VERSION)
-		<< INT_PARAM("mobile", 0) << CHAR_PARAM("nonce", nonce) << INT_PARAM("pointVersion", 0) << CHAR_PARAM("r", (char*)szId) 
-		<< INT_PARAM("rawMsg", 0) << INT_PARAM("sessionTimeout", 7776000) << CHAR_PARAM("sig_sha256", ptrA(mir_base64_encode(hashOut, sizeof(hashOut)))) 
-		<< INT_PARAM("ts", ts) << CHAR_PARAM("view", "online");
+	CMStringA hashData(FORMAT, "POST&%s&%s", ptrA(mir_urlEncode(pReq->m_szUrl)), ptrA(mir_urlEncode(pReq->m_szParam)));
+	HMAC(EVP_sha256(), szSessionKey.get(), (int)mir_strlen(szSessionKey), (BYTE*)hashData.c_str(), hashData.GetLength(), hashOut, &len);
+	pReq << CHAR_PARAM("sig_sha256", ptrA(mir_base64_encode(hashOut, sizeof(hashOut))));
 
 	Push(pReq);
 	RpcStringFreeA(&szId);
diff --git a/protocols/JabberG/src/jabber_secur.cpp b/protocols/JabberG/src/jabber_secur.cpp
index 28166d3348..1ed762290e 100644
--- a/protocols/JabberG/src/jabber_secur.cpp
+++ b/protocols/JabberG/src/jabber_secur.cpp
@@ -230,7 +230,7 @@ void TScramAuth::Hi(BYTE* res, char* passw, size_t passwLen, char* salt, size_t
 	memset(res, 0, MIR_SHA1_HASH_SIZE);
 
 	for (int i = 0; i < ind; i++) {
-		unsigned int len = MIR_SHA1_HASH_SIZE;
+		unsigned int len;
 		HMAC(EVP_sha1(), (BYTE*)passw, passwLen, u, bufLen, u, &len);
 		bufLen = MIR_SHA1_HASH_SIZE;
 
@@ -269,7 +269,7 @@ char* TScramAuth::getChallenge(const wchar_t *challenge)
 	Hi(saltedPassw, passw, passwLen, salt, saltLen, ind);
 
 	BYTE clientKey[MIR_SHA1_HASH_SIZE];
-	unsigned int len = sizeof(clientKey);
+	unsigned int len;
 	HMAC(EVP_sha1(), saltedPassw, sizeof(saltedPassw), (BYTE*)"Client Key", 10, clientKey, &len);
 
 	BYTE storedKey[MIR_SHA1_HASH_SIZE];
diff --git a/protocols/MSN/src/msn_auth.cpp b/protocols/MSN/src/msn_auth.cpp
index e478dc6e72..5c5f6bad46 100644
--- a/protocols/MSN/src/msn_auth.cpp
+++ b/protocols/MSN/src/msn_auth.cpp
@@ -524,7 +524,7 @@ static void derive_key(BYTE* der, unsigned char* key, size_t keylen, unsigned ch
 	const size_t buflen = MIR_SHA1_HASH_SIZE + datalen;
 	BYTE* buf = (BYTE*)alloca(buflen);
 
-	unsigned int len = sizeof(hash1);
+	unsigned int len;
 	HMAC(EVP_sha1(), key, keylen, data, datalen, hash1, &len);
 	HMAC(EVP_sha1(), key, keylen, hash1, MIR_SHA1_HASH_SIZE, hash3, &len);
 
@@ -565,7 +565,7 @@ CMStringA CMsnProto::HotmailLogin(const char* url)
 	result.Append(ptrA(mir_urlEncode(noncenc)));
 
 	BYTE hash[MIR_SHA1_HASH_SIZE];
-	unsigned int len = sizeof(hash);
+	unsigned int len;
 	HMAC(EVP_sha1(), key2, sizeof(key2), (BYTE*)result.GetString(), result.GetLength(), hash, &len);
 	ptrA szHash(mir_base64_encode(hash, sizeof(hash)));
 	result.AppendFormat("&hash=%s", ptrA(mir_urlEncode(szHash)));
diff --git a/protocols/Twitter/src/oauth.cpp b/protocols/Twitter/src/oauth.cpp
index b4b00cb8fa..3e6362c397 100644
--- a/protocols/Twitter/src/oauth.cpp
+++ b/protocols/Twitter/src/oauth.cpp
@@ -337,7 +337,7 @@ wstring mir_twitter::OAuthCreateSignature(const wstring& signatureBase, const ws
 	string keyBytes = WideToUTF8(key);
 
 	BYTE digest[MIR_SHA1_HASH_SIZE];
-	unsigned int len = sizeof(digest);
+	unsigned int len;
 	string data = WideToUTF8(signatureBase);
 	HMAC(EVP_sha1(), keyBytes.c_str(), keyBytes.size(), (PBYTE)data.c_str(), data.size(), digest, &len);
 	ptrA encoded(mir_base64_encode(digest, sizeof(digest)));
diff --git a/src/mir_core/src/http.cpp b/src/mir_core/src/http.cpp
index fad969c680..8d4ae7dfd6 100755
--- a/src/mir_core/src/http.cpp
+++ b/src/mir_core/src/http.cpp
@@ -21,6 +21,30 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
 
 static const char szHexDigits[] = "0123456789ABCDEF";
 
+MIR_CORE_DLL(char*) mir_urlDecode(const char *szUrl)
+{
+	if (szUrl == nullptr)
+		return nullptr;
+
+	char *ret = mir_strdup(szUrl);
+
+	for (char *p = ret; *p; p++) {
+		switch (*p) {
+		case '%':
+			int ii;
+			sscanf(p+1, "%2x", &ii);
+			strdel(p, 2);
+			*p = ii;
+			break;
+
+		case '+':
+			*p = ' ';
+			break;
+		}
+	}
+	return ret;
+}
+
 MIR_CORE_DLL(char*) mir_urlEncode(const char *szUrl)
 {
 	if (szUrl == nullptr)
diff --git a/src/mir_core/src/mir_core.def b/src/mir_core/src/mir_core.def
index 4a744c5b5f..2626bbf556 100644
--- a/src/mir_core/src/mir_core.def
+++ b/src/mir_core/src/mir_core.def
@@ -154,6 +154,7 @@ wildcmpi                      @158
 wildcmpiw                     @159
 mir_base64_encode             @160
 mir_base64_decode             @161
+mir_urlDecode                 @162
 db_set_resident               @165
 db_set                        @166
 mir_subclassWindowFull        @218
diff --git a/src/mir_core/src/mir_core64.def b/src/mir_core/src/mir_core64.def
index 3f25e54f77..6a5981c157 100644
--- a/src/mir_core/src/mir_core64.def
+++ b/src/mir_core/src/mir_core64.def
@@ -154,6 +154,7 @@ wildcmpi                      @158
 wildcmpiw                     @159
 mir_base64_encode             @160
 mir_base64_decode             @161
+mir_urlDecode                 @162
 db_set_resident               @165
 db_set                        @166
 mir_subclassWindowFull        @218
-- 
cgit v1.2.3