pidgin: 1783b284: Don't crash on malicious candidates miss...

darkrain42 at pidgin.im darkrain42 at pidgin.im
Wed Apr 29 23:46:17 EDT 2009


-----------------------------------------------------------------
Revision: 1783b284531897124661a5b21d4ae0e9b021101c
Ancestor: b8bfeb89a3051f7d0f958afccd71b8dd4b11560c
Author: darkrain42 at pidgin.im
Date: 2009-04-30T03:40:50
Branch: im.pidgin.pidgin
URL: http://d.pidgin.im/viewmtn/revision/info/1783b284531897124661a5b21d4ae0e9b021101c

Modified files:
        libpurple/protocols/jabber/jingle/iceudp.c
        libpurple/protocols/jabber/jingle/rawudp.c

ChangeLog: 

Don't crash on malicious candidates missing attributes

-------------- next part --------------
============================================================
--- libpurple/protocols/jabber/jingle/iceudp.c	3657e85f90363281bf07f6ce82f57fbc44147ae4
+++ libpurple/protocols/jabber/jingle/iceudp.c	3f76124ad86cf3d4e52c038a082ef7d82a9d060d
@@ -310,19 +310,33 @@ jingle_iceudp_parse_internal(xmlnode *ic
 	const gchar *password = xmlnode_get_attrib(iceudp, "pwd");
 
 	for (; candidate; candidate = xmlnode_get_next_twin(candidate)) {
-		const gchar *relport =
-				xmlnode_get_attrib(candidate, "rel-port");
+		const gchar *relport = xmlnode_get_attrib(candidate, "rel-port");
+		const gchar *component = xmlnode_get_attrib(candidate, "component");
+		const gchar *foundation = xmlnode_get_attrib(candidate, "foundation");
+		const gchar *generation = xmlnode_get_attrib(candidate, "generation");
+		const gchar *id = xmlnode_get_attrib(candidate, "id");
+		const gchar *ip = xmlnode_get_attrib(candidate, "ip");
+		const gchar *network = xmlnode_get_attrib(candidate, "network");
+		const gchar *port = xmlnode_get_attrib(candidate, "port");
+		const gchar *priority = xmlnode_get_attrib(candidate, "priority");
+		const gchar *protocol = xmlnode_get_attrib(candidate, "protocol");
+		const gchar *type = xmlnode_get_attrib(candidate, "type");
+
+		if (!component || !foundation || !generation || !id || !ip ||
+				!network || !port || !priority || !protocol || !type)
+			continue;
+
 		iceudp_candidate = jingle_iceudp_candidate_new(
-				atoi(xmlnode_get_attrib(candidate, "component")),
-				xmlnode_get_attrib(candidate, "foundation"),
-				atoi(xmlnode_get_attrib(candidate, "generation")),
-				xmlnode_get_attrib(candidate, "id"),
-				xmlnode_get_attrib(candidate, "ip"),
-				atoi(xmlnode_get_attrib(candidate, "network")),
-				atoi(xmlnode_get_attrib(candidate, "port")),
-				atoi(xmlnode_get_attrib(candidate, "priority")),
-				xmlnode_get_attrib(candidate, "protocol"),
-				xmlnode_get_attrib(candidate, "type"),
+				atoi(component),
+				foundation,
+				atoi(generation),
+				id,
+				ip,
+				atoi(network),
+				atoi(port),
+				atoi(priority),
+				protocol,
+				type,
 				username, password);
 		iceudp_candidate->reladdr = g_strdup(
 				xmlnode_get_attrib(candidate, "rel-addr"));
============================================================
--- libpurple/protocols/jabber/jingle/rawudp.c	55102047468aaaa2a2e082a90376364e31875db2
+++ libpurple/protocols/jabber/jingle/rawudp.c	00ff786287687fdcc86736c48762e8eeddb9d596
@@ -278,12 +278,21 @@ jingle_rawudp_parse_internal(xmlnode *ra
 	JingleRawUdpCandidate *rawudp_candidate = NULL;
 
 	for (; candidate; candidate = xmlnode_get_next_twin(candidate)) {
+		const gchar *id = xmlnode_get_attrib(candidate, "id");
+		const gchar *generation = xmlnode_get_attrib(candidate, "generation");
+		const gchar *component = xmlnode_get_attrib(candidate, "component");
+		const gchar *ip = xmlnode_get_attrib(candidate, "ip");
+		const gchar *port = xmlnode_get_attrib(candidate, "port");
+
+		if (!id || !generation || !component || !ip || !port)
+			continue;
+
 		rawudp_candidate = jingle_rawudp_candidate_new(
-				xmlnode_get_attrib(candidate, "id"),
-				atoi(xmlnode_get_attrib(candidate, "generation")),
-				atoi(xmlnode_get_attrib(candidate, "component")),
-				xmlnode_get_attrib(candidate, "ip"),
-				atoi(xmlnode_get_attrib(candidate, "port")));
+				id,
+				atoi(generation),
+				atoi(component),
+				ip,
+				atoi(port));
 		rawudp_candidate->rem_known = TRUE;
 		jingle_rawudp_add_remote_candidate(JINGLE_RAWUDP(transport), rawudp_candidate);
 	}


More information about the Commits mailing list