/pidgin/main: ded93865ef42: Fix a buffer overflow vulnerability ...
Mark Doliner
mark at kingant.net
Thu Jul 5 13:24:34 EDT 2012
Changeset: ded93865ef42ce918d2a0defc251ef06163b6d62
Author: Mark Doliner <mark at kingant.net>
Date: 2012-07-02 18:54 -0700
Branch: release-2.x.y
URL: http://hg.pidgin.im/pidgin/main/rev/ded93865ef42
Description:
Fix a buffer overflow vulnerability when parsing incoming messages
containing inline images. Thanks to Ulf Härnhammar for reporting
this!
diffstat:
ChangeLog | 7 ++++++-
libpurple/protocols/mxit/markup.c | 7 ++++---
2 files changed, 10 insertions(+), 4 deletions(-)
diffs (54 lines):
diff --git a/ChangeLog b/ChangeLog
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,6 @@
Pidgin and Finch: The Pimpin' Penguin IM Clients That're Good for the Soul
-version 2.10.5:
+version 2.10.5 (07/05/2012):
libpurple:
* Add support for GNOME3 proxy settings. (Mihai Serban) (#15054)
@@ -12,6 +12,11 @@
* Fix building with MSVC on Windows (broken in 2.10.4). (Florian
Quèze)
+ MXit:
+ * Fix a buffer overflow vulnerability when parsing incoming messages
+ containing inline images. Thanks to Ulf Härnhammar for reporting
+ this!
+
version 2.10.4 (05/06/2012):
General:
* Support building against Farstream in addition to Farsight.
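Review bot: the new MXit entry has no ticket or advisory reference, while the GNOME3 proxy entry above it carries one in the "(#15054)" style. If an identifier exists for this report, add it in the same style so packagers can match the fix to the advisory. The entry could also say that the overflow is reached by parsing incoming messages in the MXit protocol plugin (libpurple/protocols/mxit/markup.c), which tells users of other protocols they are not affected by this item.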
diff --git a/libpurple/protocols/mxit/markup.c b/libpurple/protocols/mxit/markup.c
--- a/libpurple/protocols/mxit/markup.c
+++ b/libpurple/protocols/mxit/markup.c
@@ -361,7 +361,7 @@
int start;
unsigned int end;
int emo_ofs;
- char ii[128];
+ char* ii;
char tag[64];
int* img_id;
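Review bot: "char* ii;" is declared without an initializer, and a later hunk passes it to g_free() at the bottom of the loop body. Initialize it at the declaration ("char* ii = NULL;") so that any path reaching the free without first passing through g_strndup() is harmless rather than a free of an indeterminate pointer. The neighbouring declarations also mix signedness ("int start", "unsigned int end", "int emo_ofs"); since these feed the length computation below, making them all the same unsigned type would remove a class of surprises.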
@@ -379,8 +379,7 @@
if ( end == mx->msg->len ) /* end of emoticon tag not found */
break;
- memset( ii, 0x00, sizeof( ii ) );
- memcpy( ii, &mx->msg->str[emo_ofs], end - emo_ofs );
+ ii = g_strndup(&mx->msg->str[emo_ofs], end - emo_ofs);
/* remove inline image tag */
g_string_erase( mx->msg, start, ( end - start ) + 1 );
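Review bot: the length passed to g_strndup(), "end - emo_ofs", subtracts an int from an unsigned int, and the only check visible before it is "end == mx->msg->len". If emo_ofs can ever exceed end, the result wraps to a very large value and becomes a huge allocation request instead of the old stack overwrite. Add an explicit check that emo_ofs lies between start and end before the call, and break out as the not-found case does. Removing the fixed 128-byte buffer is the right fix for the unbounded memcpy(); the remaining point is only that the offset arithmetic is still trusted.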
@@ -396,6 +395,8 @@
g_snprintf( tag, sizeof( tag ), "<img id=\"%i\">", *img_id );
g_string_insert( mx->msg, start, tag );
}
+
+ g_free(ii);
}
}
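Review bot: g_free(ii) sits at the very end of the loop body, so any "continue" or early exit between the g_strndup() call and this line leaks the copy on each iteration, and the hunk does not show the intervening lines. Confirm there is no such path, or free ii immediately after its last use. Setting "ii = NULL;" after the free would also keep a later iteration from seeing a stale pointer.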