adium: e135769d: *** Plucked rev 757272a78a8ca6027d518e61...

thijsalkemade at gmail.com thijsalkemade at gmail.com
Thu Dec 15 11:50:47 EST 2011


----------------------------------------------------------------------
Revision: e135769d57c55a9ec473ff0537f6eb62c0575408
Parent:   49165fe031556f6fe6c91eadc8305a0e9001eb90
Author:   thijsalkemade at gmail.com
Date:     12/15/11 11:46:28
Branch:   im.pidgin.adium
URL: http://d.pidgin.im/viewmtn/revision/info/e135769d57c55a9ec473ff0537f6eb62c0575408

Changelog: 

*** Plucked rev 757272a78a8ca6027d518e614712c3399e34dda3 (markdoliner at pidgin.im):
Fix remotely-triggerable crashes by validating strings in a few
messages related to buddy list management.  Fixes #14682

I changed the four functions that parse incoming authorization-related
SNACs.  The changes are:

- Make sure we have a buddy name and it is valid UTF-8.  If not, we
  drop the SNAC and log a debug message (we can't do much with an empty,
  invalid or incorrect buddy name).  This wasn't a part of the bug
  report and I doubt it's actually a problem, but it seems like a good
  idea regardless.

- If the incoming message is not valid UTF-8 then use
  purple_utf8_salvage() to replace invalid bytes with question marks.  I
  believe this fixes the bug in question.

Changes against parent 49165fe031556f6fe6c91eadc8305a0e9001eb90

  patched  ChangeLog
  patched  libpurple/protocols/oscar/family_feedbag.c

============================================================
--- ChangeLog	69ad72a81047fbd61ea3badcc024488a54169611
+++ ChangeLog	17fbae9b5e9efd4d2874b9e0d9c9e87fb96a1fc6
@@ -1,5 +1,39 @@ Pidgin and Finch: The Pimpin' Penguin IM
 Pidgin and Finch: The Pimpin' Penguin IM Clients That're Good for the Soul
 
+version 2.10.1 (10/11/2011):
+	Finch:
+	* Fix compilation on OpenBSD.
+
+	AIM and ICQ:
+	* Fix remotely-triggerable crashes by validating strings in a few
+	  messages related to buddy list management. (#14682)
+
+	Bonjour:
+	* IPv6 fixes (Linus L?ssing)
+
+	Gadu-Gadu:
+	* Fix problems linking against GnuTLS. (#14544)
+
+	IRC:
+	* Fix a leak when admitting UTF-8 text with a non-UTF-8 primary
+	  encoding.  (#14700)
+
+	Sametime:
+	* Separate "username" and "server" when adding new Sametime accounts.
+	  (#14608)
+	* Fix compilation in Visual C++. (#14608)
+
+	SILC:
+	* Fix CVE-2011-3594, by UTF-8 validating incoming messages before
+	  passing them to glib or libpurple.  Identified by Diego Bauche
+	  Madero from IOActive.  (#14636)
+
+	Yahoo!:
+	* Fetch buddy icons in some cases where we previously weren't. (#13050)
+
+	Windows-Specific Changes:
+	* Fix compilation
+
 version 2.10.0 (08/18/2011):
 	Pidgin:
 	* Make the max size of incoming smileys a pref instead of hardcoding it.
@@ -35,10 +69,15 @@ version 2.10.0 (08/18/2011):
 	  ICQ account that is configured as an AIM account. (#14437)
 
 	IRC:
+	* Fix a crash when remote users have certain characters in their
+	  nicknames. (Discovered by Djego Ibanez) (#14341)
 	* Fix the handling of formatting following mIRC ^O (#14436)
 	* Fix crash when NAMES is empty. (James McLaughlin) (#14518)
 
 	MSN:
+	* Fix incorrect handling of HTTP 100 responses when using the HTTP
+	  connection method.  This can lead to a crash. (Discovered by Marius
+	  Wachtler)
 	* Fix seemingly random crashing. (#14307)
 	* Fix a crash when the account is disconnected at the time we are doing a
 	  SB request. (Hanzz, ported by shlomif) (#12431)
@@ -53,6 +92,12 @@ version 2.10.0 (08/18/2011):
 	* Fix coming out of idle while in an unavailable state
 	* Fix logging into Yahoo! JAPAN.  (#14259)
 
+	Windows-Specific Changes:
+	* Open an explorer.exe window at the location of the file when clicking
+	  on a file link instead of executing the file, because executing a file
+	  can be potentially dangerous.  (Discovered by James Burton of
+	  Insomnia Security) (Fixed by Eion Robb)
+
 version 2.9.0 (06/23/2011):
 	Pidgin:
 	* Fix a potential remote denial-of-service bug related to displaying
============================================================
--- libpurple/protocols/oscar/family_feedbag.c	8f80e2c5acd2b21acc88d54ba8e5ab43dbdaa3e2
+++ libpurple/protocols/oscar/family_feedbag.c	ff8702078ba3a5c73ff1c86a206f09f7749c1314
@@ -1650,18 +1650,35 @@ static int receiveauthgrant(OscarData *o
 	int ret = 0;
 	aim_rxcallback_t userfunc;
 	guint16 tmp;
-	char *bn, *msg;
+	char *bn, *msg, *tmpstr;
 
 	/* Read buddy name */
-	if ((tmp = byte_stream_get8(bs)))
-		bn = byte_stream_getstr(bs, tmp);
-	else
-		bn = NULL;
+	tmp = byte_stream_get8(bs);
+	if (!tmp) {
+		purple_debug_warning("oscar", "Dropping auth grant SNAC "
+				"because username was empty\n");
+		return 0;
+	}
+	bn = byte_stream_getstr(bs, tmp);
+	if (!g_utf8_validate(bn, -1, NULL)) {
+		purple_debug_warning("oscar", "Dropping auth grant SNAC "
+				"because the username was not valid UTF-8\n");
+		g_free(bn);
+	}
 
-	/* Read message (null terminated) */
-	if ((tmp = byte_stream_get16(bs)))
+	/* Read message */
+	tmp = byte_stream_get16(bs);
+	if (tmp) {
 		msg = byte_stream_getstr(bs, tmp);
-	else
+		if (!g_utf8_validate(msg, -1, NULL)) {
+			/* Ugh, msg isn't UTF8.  Let's salvage. */
+			purple_debug_warning("oscar", "Got non-UTF8 message in auth "
+					"grant from %s\n", bn);
+			tmpstr = purple_utf8_salvage(msg);
+			g_free(msg);
+			msg = tmpstr;
+		}
+	} else
 		msg = NULL;
 
 	/* Unknown */
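Review bot: The invalid-UTF-8 branch of the username check frees `bn` but does not return, so the SNAC the warning says is being dropped is still processed with a dangling pointer: `bn` is dereferenced a few lines later in `purple_debug_warning("oscar", "Got non-UTF8 message in auth grant from %s\n", bn)` and, presumably, is also passed to the callback and freed again further down the function, outside this hunk. That turns a patch meant to remove remotely triggerable crashes into a remotely triggerable use-after-free, since the username bytes come straight off the wire. Add `return 0;` after `g_free(bn);` in that branch, mirroring the empty-username branch just above it. receiveauthgrant begins before this hunk and continues after it.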
@@ -1724,18 +1741,35 @@ static int receiveauthrequest(OscarData 
 	int ret = 0;
 	aim_rxcallback_t userfunc;
 	guint16 tmp;
-	char *bn, *msg;
+	char *bn, *msg, *tmpstr;
 
 	/* Read buddy name */
-	if ((tmp = byte_stream_get8(bs)))
-		bn = byte_stream_getstr(bs, tmp);
-	else
-		bn = NULL;
+	tmp = byte_stream_get8(bs);
+	if (!tmp) {
+		purple_debug_warning("oscar", "Dropping auth request SNAC "
+				"because username was empty\n");
+		return 0;
+	}
+	bn = byte_stream_getstr(bs, tmp);
+	if (!g_utf8_validate(bn, -1, NULL)) {
+		purple_debug_warning("oscar", "Dropping auth request SNAC "
+				"because the username was not valid UTF-8\n");
+		g_free(bn);
+	}
 
-	/* Read message (null terminated) */
-	if ((tmp = byte_stream_get16(bs)))
+	/* Read message */
+	tmp = byte_stream_get16(bs);
+	if (tmp) {
 		msg = byte_stream_getstr(bs, tmp);
-	else
+		if (!g_utf8_validate(msg, -1, NULL)) {
+			/* Ugh, msg isn't UTF8.  Let's salvage. */
+			purple_debug_warning("oscar", "Got non-UTF8 message in auth "
+					"request from %s\n", bn);
+			tmpstr = purple_utf8_salvage(msg);
+			g_free(msg);
+			msg = tmpstr;
+		}
+	} else
 		msg = NULL;
 
 	/* Unknown */
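Review bot: The same fall-through as in receiveauthgrant exists here: when `g_utf8_validate(bn, -1, NULL)` fails the code logs "Dropping auth request SNAC", calls `g_free(bn)`, and then keeps going, so the freed `bn` is used by the `"Got non-UTF8 message in auth request from %s\n"` warning and presumably by whatever the rest of the function (outside this hunk) does with the buddy name. Both the log message and the attacker-controlled input argue for actually dropping the SNAC: add `return 0;` after the `g_free(bn);`. receiveauthrequest begins before this hunk and continues after it.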
@@ -1808,21 +1842,38 @@ static int receiveauthreply(OscarData *o
 	aim_rxcallback_t userfunc;
 	guint16 tmp;
 	guint8 reply;
-	char *bn, *msg;
+	char *bn, *msg, *tmpstr;
 
 	/* Read buddy name */
-	if ((tmp = byte_stream_get8(bs)))
-		bn = byte_stream_getstr(bs, tmp);
-	else
-		bn = NULL;
+	tmp = byte_stream_get8(bs);
+	if (!tmp) {
+		purple_debug_warning("oscar", "Dropping auth reply SNAC "
+				"because username was empty\n");
+		return 0;
+	}
+	bn = byte_stream_getstr(bs, tmp);
+	if (!g_utf8_validate(bn, -1, NULL)) {
+		purple_debug_warning("oscar", "Dropping auth reply SNAC "
+				"because the username was not valid UTF-8\n");
+		g_free(bn);
+	}
 
 	/* Read reply */
 	reply = byte_stream_get8(bs);
 
-	/* Read message (null terminated) */
-	if ((tmp = byte_stream_get16(bs)))
+	/* Read message */
+	tmp = byte_stream_get16(bs);
+	if (tmp) {
 		msg = byte_stream_getstr(bs, tmp);
-	else
+		if (!g_utf8_validate(msg, -1, NULL)) {
+			/* Ugh, msg isn't UTF8.  Let's salvage. */
+			purple_debug_warning("oscar", "Got non-UTF8 message in auth "
+					"reply from %s\n", bn);
+			tmpstr = purple_utf8_salvage(msg);
+			g_free(msg);
+			msg = tmpstr;
+		}
+	} else
 		msg = NULL;
 
 	/* Unknown */
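Review bot: The invalid-UTF-8 username path in receiveauthreply frees `bn` and then continues into the reply/message parsing, where `bn` is passed as the `%s` argument of the `"Got non-UTF8 message in auth reply from %s\n"` warning and, presumably, to the callback later in the function (outside this hunk). Because the name length and bytes are remote input, a peer can trigger the use of freed memory at will. The fix is the one-line `return 0;` after `g_free(bn);`, matching the empty-username branch. receiveauthreply begins before this hunk and continues after it.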
@@ -1848,10 +1899,18 @@ static int receiveadded(OscarData *od, F
 	char *bn;
 
 	/* Read buddy name */
-	if ((tmp = byte_stream_get8(bs)))
-		bn = byte_stream_getstr(bs, tmp);
-	else
-		bn = NULL;
+	tmp = byte_stream_get8(bs);
+	if (!tmp) {
+		purple_debug_warning("oscar", "Dropping 'you were added' SNAC "
+				"because username was empty\n");
+		return 0;
+	}
+	bn = byte_stream_getstr(bs, tmp);
+	if (!g_utf8_validate(bn, -1, NULL)) {
+		purple_debug_warning("oscar", "Dropping 'you were added' SNAC "
+				"because the username was not valid UTF-8\n");
+		g_free(bn);
+	}
 
 	if ((userfunc = aim_callhandler(od, snac->family, snac->subtype)))
 		ret = userfunc(od, conn, frame, bn);
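Review bot: In receiveadded the use-after-free is fully visible within the hunk: the invalid-UTF-8 branch calls `g_free(bn)` without returning, and the very next statement hands the freed pointer to the callback in `ret = userfunc(od, conn, frame, bn);`. If the function later frees `bn` (not shown here), this is a double free as well. Add `return 0;` after the `g_free(bn);` so the "Dropping 'you were added' SNAC" warning describes what actually happens; the same omission appears in the three authorization handlers above. receiveadded begins before this hunk and continues after it.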

