pidgin: 1783b284: Don't crash on malicious candidates miss...
darkrain42 at pidgin.im
darkrain42 at pidgin.im
Wed Apr 29 23:46:17 EDT 2009
-----------------------------------------------------------------
Revision: 1783b284531897124661a5b21d4ae0e9b021101c
Ancestor: b8bfeb89a3051f7d0f958afccd71b8dd4b11560c
Author: darkrain42 at pidgin.im
Date: 2009-04-30T03:40:50
Branch: im.pidgin.pidgin
URL: http://d.pidgin.im/viewmtn/revision/info/1783b284531897124661a5b21d4ae0e9b021101c
Modified files:
libpurple/protocols/jabber/jingle/iceudp.c
libpurple/protocols/jabber/jingle/rawudp.c
ChangeLog:
Don't crash on malicious candidates missing attributes
-------------- next part --------------
============================================================
--- libpurple/protocols/jabber/jingle/iceudp.c 3657e85f90363281bf07f6ce82f57fbc44147ae4
+++ libpurple/protocols/jabber/jingle/iceudp.c 3f76124ad86cf3d4e52c038a082ef7d82a9d060d
@@ -310,19 +310,33 @@ jingle_iceudp_parse_internal(xmlnode *ic
const gchar *password = xmlnode_get_attrib(iceudp, "pwd");
for (; candidate; candidate = xmlnode_get_next_twin(candidate)) {
- const gchar *relport =
- xmlnode_get_attrib(candidate, "rel-port");
+ const gchar *relport = xmlnode_get_attrib(candidate, "rel-port");
+ const gchar *component = xmlnode_get_attrib(candidate, "component");
+ const gchar *foundation = xmlnode_get_attrib(candidate, "foundation");
+ const gchar *generation = xmlnode_get_attrib(candidate, "generation");
+ const gchar *id = xmlnode_get_attrib(candidate, "id");
+ const gchar *ip = xmlnode_get_attrib(candidate, "ip");
+ const gchar *network = xmlnode_get_attrib(candidate, "network");
+ const gchar *port = xmlnode_get_attrib(candidate, "port");
+ const gchar *priority = xmlnode_get_attrib(candidate, "priority");
+ const gchar *protocol = xmlnode_get_attrib(candidate, "protocol");
+ const gchar *type = xmlnode_get_attrib(candidate, "type");
+
+ if (!component || !foundation || !generation || !id || !ip ||
+ !network || !port || !priority || !protocol || !type)
+ continue;
+
iceudp_candidate = jingle_iceudp_candidate_new(
- atoi(xmlnode_get_attrib(candidate, "component")),
- xmlnode_get_attrib(candidate, "foundation"),
- atoi(xmlnode_get_attrib(candidate, "generation")),
- xmlnode_get_attrib(candidate, "id"),
- xmlnode_get_attrib(candidate, "ip"),
- atoi(xmlnode_get_attrib(candidate, "network")),
- atoi(xmlnode_get_attrib(candidate, "port")),
- atoi(xmlnode_get_attrib(candidate, "priority")),
- xmlnode_get_attrib(candidate, "protocol"),
- xmlnode_get_attrib(candidate, "type"),
+ atoi(component),
+ foundation,
+ atoi(generation),
+ id,
+ ip,
+ atoi(network),
+ atoi(port),
+ atoi(priority),
+ protocol,
+ type,
username, password);
iceudp_candidate->reladdr = g_strdup(
xmlnode_get_attrib(candidate, "rel-addr"));
============================================================
--- libpurple/protocols/jabber/jingle/rawudp.c 55102047468aaaa2a2e082a90376364e31875db2
+++ libpurple/protocols/jabber/jingle/rawudp.c 00ff786287687fdcc86736c48762e8eeddb9d596
@@ -278,12 +278,21 @@ jingle_rawudp_parse_internal(xmlnode *ra
JingleRawUdpCandidate *rawudp_candidate = NULL;
for (; candidate; candidate = xmlnode_get_next_twin(candidate)) {
+ const gchar *id = xmlnode_get_attrib(candidate, "id");
+ const gchar *generation = xmlnode_get_attrib(candidate, "generation");
+ const gchar *component = xmlnode_get_attrib(candidate, "component");
+ const gchar *ip = xmlnode_get_attrib(candidate, "ip");
+ const gchar *port = xmlnode_get_attrib(candidate, "port");
+
+ if (!id || !generation || !component || !ip || !port)
+ continue;
+
rawudp_candidate = jingle_rawudp_candidate_new(
- xmlnode_get_attrib(candidate, "id"),
- atoi(xmlnode_get_attrib(candidate, "generation")),
- atoi(xmlnode_get_attrib(candidate, "component")),
- xmlnode_get_attrib(candidate, "ip"),
- atoi(xmlnode_get_attrib(candidate, "port")));
+ id,
+ atoi(generation),
+ atoi(component),
+ ip,
+ atoi(port));
rawudp_candidate->rem_known = TRUE;
jingle_rawudp_add_remote_candidate(JINGLE_RAWUDP(transport), rawudp_candidate);
}
More information about the Commits
mailing list