[Gaim-devel] Bug in new Yahoo login code + fix.

[Jeffrey L. <je...@li...>]

I believe I have an improvement to the new Yahoo login authentication, and
thought I'd offer some help.

From the gaim CVS sources, it seems that you are using the following
routine:

 magic_cnt = 1;

 for (;;) {
  unsigned int cl = magic[magic_cnt] & 0xff;
  unsigned int bl = magic[magic_cnt+1] & 0xff;

  if (!bl || !cl)
   break;

  if (magic_cnt > magic_len)
   break;

  if (cl <= 0x7f)
   bl = cl;
  else {
   if (cl >= 0x0e0) {
    cl = cl & 0x0f;
    cl = cl << 6;
    bl = bl & 0x3f;
    bl = cl + bl;
    bl = bl << 6;
   } else {
    cl = cl & 0x1f;
    cl = cl << 6;
    bl = cl;
   }

   cl = magic[magic_cnt+2];

   if (!cl)
    break;

   cl = cl & 0x3f;
   bl = bl + cl;
  }

  /* Result is bl.
   */

  magic_cnt += 3;

   if (times == 0) {
   value |= (bl & 0xff) << 8;
   value |= (bl & 0xff00) >> 8;
  } else {
   value |= (bl & 0xff) << 24;
   value |= (bl & 0xff00) << 8;
   break;
  }

  times++;
 }

In my own sources, I use the following:

 char Value[4];
 int ValueOffset = 0;
 const unsigned char *Seed = YahooSeed+1;

 do
 {
  unsigned int v = *Seed++;

  if(v >= 0x80)
  {
   if(v >= 0xe0)
   {
    v = ((v&0xF) << 12) + ((*Seed++ & 0x3F) << 6);
   }
   else
   {
    v = (v&0x1F) << 6;
   }
   v += *Seed++ & 0x3F;
  }

  Value[ValueOffset++] = v >> 8;
  Value[ValueOffset++] = v;

 } while(ValueOffset < 3);

This seems to provide a consistent logon mechanism. The YahooSeed is the
same as the "magic" variable in gaim sources, except it's an array of
unsigned char instead of int.

I haven't modified the gaim sources directly - rather, I'm just giving a
snippet of code from my own sources. The biggest error is in the gaim
sources is the magic_cnt advancement

Please feel free to contact me for any further information/discussion.

Jeffrey Lim