Add a little bit of memory safety on the websocket connection

Author: EionRobb

.vscode/settings.json

@@ -0,0 +1,40 @@
+{
+    "cmake.configureOnOpen": false,
+    "C_Cpp.default.compilerPath": "C:\\cygwin64\\home\\eion\\win32-dev\\mingw-4.7.2\\bin\\gcc.exe",
+    "cSpell.words": [
+        "blist",
+        "cbflags",
+        "chatconv",
+        "chatname",
+        "gboolean",
+        "gchar",
+        "gdouble",
+        "gint",
+        "gpointer",
+        "gssize",
+        "guchar",
+        "guint",
+        "guintptr",
+        "gulong",
+        "HALFOP",
+        "postdata",
+        "prpl",
+        "qrauth",
+        "QRCODE",
+        "roomlist",
+        "ROOMTYPE",
+        "strconcat",
+        "strfreev",
+        "strjoinv",
+        "strsplit",
+        "unreact",
+        "wpurple"
+    ],
+    "C_Cpp.codeAnalysis.clangTidy.enabled": true,
+    "C_Cpp.default.cStandard": "gnu99",
+    "C_Cpp.default.intelliSenseMode": "windows-gcc-x86",
+    "C_Cpp.intelliSenseEngine": "default",
+    "C_Cpp.codeAnalysis.clangTidy.args": [
+        "-external:W0"
+    ]
+}

libdiscord.c

@@ -6592,6 +6592,7 @@ discord_socket_got_data(gpointer userdata, PurpleSslConnection *conn, PurpleInpu
 
 			length_code = 0;
 			purple_ssl_read(conn, &length_code, 1);
+			length_code = length_code & ~0x80;
 
 			if (length_code <= 125) {
 				ya->frame_len = length_code;
@@ -6601,6 +6602,18 @@ discord_socket_got_data(gpointer userdata, PurpleSslConnection *conn, PurpleInpu
 			} else if (length_code == 127) {
 				purple_ssl_read(conn, &ya->frame_len, 8);
 				ya->frame_len = GUINT64_FROM_BE(ya->frame_len);
+				if ((ya->frame_len & (1ULL << 63)) != 0) {
+					purple_debug_error("discord", "Frame length has MSB set, possible protocol error\n");
+					purple_connection_error(ya->pc, PURPLE_CONNECTION_ERROR_NETWORK_ERROR, _("Websocket protocol error"));
+					return;
+				}
+			}
+
+			// Check for unreasonable frame_len value
+			if (ya->frame_len > (16 * 1024 * 1024)) { // 16MB max frame size
+				purple_debug_error("discord", "Unreasonable frame length: %" G_GUINT64_FORMAT "\n", ya->frame_len);
+				purple_connection_error(ya->pc, PURPLE_CONNECTION_ERROR_NETWORK_ERROR, _("Websocket protocol error: unreasonable frame length"));
+				return;
 			}
 
 			ya->frame = g_new0(gchar, ya->frame_len + 1);

po/purple-discord.pot

@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2025-03-13 21:40+0100\n"
+"POT-Creation-Date: 2025-06-29 22:12+0100\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -27,6 +27,46 @@ msgstr ""
 msgid "Connection error: %s."
 msgstr ""
 
+#, c-format
+msgid "%d second%s ago"
+msgstr ""
+
+#, c-format
+msgid "%d minute%s ago"
+msgstr ""
+
+#, c-format
+msgid "%d hour%s ago"
+msgstr ""
+
+#, c-format
+msgid "%d day%s ago"
+msgstr ""
+
+#, c-format
+msgid "%d year%s ago"
+msgstr ""
+
+#, c-format
+msgid "in %d second%s"
+msgstr ""
+
+#, c-format
+msgid "in %d minute%s"
+msgstr ""
+
+#, c-format
+msgid "in %d hour%s"
+msgstr ""
+
+#, c-format
+msgid "in %d day%s"
+msgstr ""
+
+#, c-format
+msgid "in %d year%s"
+msgstr ""
+
 msgid "your"
 msgstr ""
 
@@ -173,6 +213,12 @@ msgstr ""
 msgid "Reauthentication required"
 msgstr ""
 
+msgid "Websocket protocol error"
+msgstr ""
+
+msgid "Websocket protocol error: unreasonable frame length"
+msgstr ""
+
 msgid "Lost connection to server"
 msgstr ""
 
@@ -301,6 +347,9 @@ msgstr ""
 msgid "Email address..."
 msgstr ""
 
+msgid "Show reaction emojis"
+msgstr ""
+
 msgid "Use status message as in-game info"
 msgstr ""