pidgin.2.5.9: 6f734316: Patch written by Mark Doliner and Paul A...
rekkanoryo at pidgin.im
rekkanoryo at pidgin.im
Tue Aug 18 11:50:53 EDT 2009
-----------------------------------------------------------------
Revision: 6f7343166c673bf0496ecb1afec9b633c1d54a0e
Ancestor: 0a0f6d3c116f4c09a925eec624d203e06b1c9871
Author: rekkanoryo at pidgin.im
Date: 2009-08-14T23:31:21
Branch: im.pidgin.pidgin.2.5.9
URL: http://d.pidgin.im/viewmtn/revision/info/6f7343166c673bf0496ecb1afec9b633c1d54a0e
Modified files:
libpurple/protocols/msn/slplink.c
ChangeLog:
Patch written by Mark Doliner and Paul Aurich to fix a remote crash on MSN
reported to us by the CORE Security Technologies Security Advisories Team.
-------------- next part --------------
============================================================
--- libpurple/protocols/msn/slplink.c 9e6b1889f6cd2f2925223509755d0bf65054c1cf
+++ libpurple/protocols/msn/slplink.c 7ba818c9c3fa8adcd86dafd01dfefef37c2260f4
@@ -447,6 +447,7 @@ msn_slplink_send_ack(MsnSlpLink *slplink
#endif
msn_slplink_send_slpmsg(slplink, slpmsg);
+ msn_slpmsg_destroy(slpmsg);
}
static void
@@ -587,7 +588,7 @@ msn_slplink_process_msg(MsnSlpLink *slpl
/* fseek(slpmsg->fp, offset, SEEK_SET); */
len = fwrite(data, 1, len, slpmsg->fp);
}
- else if (slpmsg->size)
+ else if (slpmsg->size && slpmsg->buffer)
{
if (G_MAXSIZE - len < offset || (offset + len) > slpmsg->size)
{
More information about the Commits
mailing list