pidgin: a7c415ab: Fix CVE-2011-1091, improper handling of ...
rekkanoryo at pidgin.im
rekkanoryo at pidgin.im
Thu Mar 10 22:15:54 EST 2011
----------------------------------------------------------------------
Revision: a7c415abba1f5f01f79295337518837f73d99bb7
Parent: 5cbe18129b6e7c660bc093f7e5e1414ceca17d04
Author: rekkanoryo at pidgin.im
Date: 03/10/11 21:00:15
Branch: im.pidgin.pidgin
URL: http://d.pidgin.im/viewmtn/revision/info/a7c415abba1f5f01f79295337518837f73d99bb7
Changelog:
Fix CVE-2011-1091, improper handling of malformed YMSG packets cause NULL
pointer dereferences, leading to denial of service.
Changes against parent 5cbe18129b6e7c660bc093f7e5e1414ceca17d04
patched libpurple/protocols/yahoo/libymsg.c
-------------- next part --------------
============================================================
--- libpurple/protocols/yahoo/libymsg.c 2cc9f7b1c52fad23d852da2fc99d216120c90305
+++ libpurple/protocols/yahoo/libymsg.c b5041f120fddae141805f35c26d08b6d2b8716e4
@@ -842,7 +842,7 @@ static void yahoo_process_notify(PurpleC
break;
}
- if (*stat == '1')
+ if (stat && *stat == '1')
serv_got_typing(gc, fed_from, 0, PURPLE_TYPING);
else
serv_got_typing_stopped(gc, fed_from);
@@ -864,7 +864,7 @@ static void yahoo_process_notify(PurpleC
yahoo_friend_set_game(f, NULL);
- if (*stat == '1') {
+ if (stat && *stat == '1') {
yahoo_friend_set_game(f, game);
if (bud)
yahoo_update_status(gc, from, f);
@@ -922,6 +922,11 @@ static void yahoo_process_sms_message(Pu
l = l->next;
}
+ if(!sms) {
+ purple_debug_info("yahoo", "Received a malformed SMS packet!\n");
+ return;
+ }
+
if( (pkt->status == -1) || (pkt->status == YAHOO_STATUS_DISCONNECTED) ) {
if (server_msg) {
PurpleConversation *c;
More information about the Commits
mailing list