X-Git-Url: http://andersk.mit.edu/gitweb/libfaim.git/blobdiff_plain/e50124508689661c935f5d29e27bef3178e9326c..13ebc4c4459f5348470886f97cad4f964cde9afb:/aim_tlv.c

diff --git a/aim_tlv.c b/aim_tlv.c
index 42d3602..1058b22 100644
--- a/aim_tlv.c
+++ b/aim_tlv.c
@@ -28,18 +28,30 @@ struct aim_tlvlist_t *aim_readtlvchain(u_char *buf, int maxlen)
 	  
 	  if ((pos+length) <= maxlen)
 	    {
-	      cur = (struct aim_tlvlist_t *)malloc(sizeof(struct aim_tlvlist_t));
-	      memset(cur, 0x00, sizeof(struct aim_tlvlist_t));
-
-	      cur->tlv = aim_createtlv();	
-	      cur->tlv->type = type;
-	      cur->tlv->length = length;
-	      cur->tlv->value = (u_char *)malloc(length*sizeof(u_char));
-	      memcpy(cur->tlv->value, buf+pos, length);
-	      
-	      cur->next = list;
-	      list = cur;
+	      /*
+	       * Okay, so now AOL has decided that any TLV of
+	       * type 0x0013 can only be two bytes, despite
+	       * what the actual given length is.  So here 
+	       * we dump any invalid TLVs of that sort.  Hopefully
+	       * theres no special cases to this special case.
+	       *   - mid (30jun2000)
+	       */
+	      if ((type == 0x0013) && (length != 0x0002)) {
+		printf("faim: skipping TLV t(0013) with invalid length (0x%04x)\n", length);
+		length = 0x0002;
+	      } else {
+		cur = (struct aim_tlvlist_t *)malloc(sizeof(struct aim_tlvlist_t));
+		memset(cur, 0x00, sizeof(struct aim_tlvlist_t));
+
+		cur->tlv = aim_createtlv();	
+		cur->tlv->type = type;
+		cur->tlv->length = length;
+		cur->tlv->value = (u_char *)malloc(length*sizeof(u_char));
+		memcpy(cur->tlv->value, buf+pos, length);
 	      
+		cur->next = list;
+		list = cur;
+	      }
 	      pos += length;
 	    }
 	}