pidgin: c66c5a64: Oops, I forgot to move the size check to...
qulogic at pidgin.im
qulogic at pidgin.im
Thu Mar 10 01:31:14 EST 2011
----------------------------------------------------------------------
Revision: c66c5a64494057c9393b87475339e260c5b5658f
Parent: ffd6e338597b87622301f54398703896e7124748
Author: qulogic at pidgin.im
Date: 03/10/11 00:07:48
Branch: im.pidgin.pidgin
URL: http://d.pidgin.im/viewmtn/revision/info/c66c5a64494057c9393b87475339e260c5b5658f
Changelog:
Oops, I forgot to move the size check to the new location.
Changes against parent ffd6e338597b87622301f54398703896e7124748
patched libpurple/protocols/msn/p2p.c
-------------- next part --------------
============================================================
--- libpurple/protocols/msn/p2p.c af119f89de0271f164d01e1efabc9f30ee42a834
+++ libpurple/protocols/msn/p2p.c 4f05f9c7de080441e57aea118ac3f568f043061d
@@ -90,12 +90,18 @@ msn_p2p_header_from_wire(MsnP2PInfo *inf
size_t
msn_p2p_header_from_wire(MsnP2PInfo *info, const char *wire, size_t max_len)
{
- size_t len;
+ size_t len = 0;
switch (info->version) {
case MSN_P2P_VERSION_ONE: {
MsnP2PHeader *header = &info->header.v1;
+ if (max_len < P2P_PACKET_HEADER_SIZE) {
+ /* Invalid packet length */
+ len = 0;
+ break;
+ }
+
header->session_id = msn_pop32le(wire);
header->id = msn_pop32le(wire);
header->offset = msn_pop64le(wire);
More information about the Commits
mailing list