Hi,
I found a bug (inaccurate parsing) in PyAIM-t preventing some AIM
accounts to authenticate correctly: The length of the MD5 hashing key
(family 0x0017 subfamily 0x0007 [1]) is ignored in the old code and thus
a wrong (too long) MD5 key is used for calculatinng the password hash.
A bugfix is attached.
I have not yet investigated which AIM accounts are affected, but I had
more than one user complaining.
Regards,
Michael
[1] http://xeons.net/oscar/index.php?id=bucp/0007
diff -rNu pyaimt/src/tlib/oscar.py pyaimt.fixed/src/tlib/oscar.py
--- pyaimt/src/tlib/oscar.py 2007-03-22 12:17:31.000000000 +0100
+++ pyaimt.fixed/src/tlib/oscar.py 2007-03-22 17:33:57.516084000 +0100
@@ -3103,7 +3103,8 @@
if not snac:
log.msg("Illegal SNAC data received in oscar_Key: %s" % data)
return
- key=snac[5][2:]
+ len=ord(snac[5][0]) * 256 + ord(snac[5][1])
+ key=snac[5][2:2+len]
encpass=encryptPasswordMD5(self.password,key)
self.sendFLAP(SNAC(0x17,0x02,0,
TLV(TLV_USERNAME,self.username)+
_______________________________________________
py-transports mailing list
[email protected]
http://lists.modevia.com/cgi-bin/mailman/listinfo/py-transports
