/pidgin/main: c31cf8de31cd: Fix a crash in Sametime when a malic...

Mark Doliner mark at kingant.net
Wed Feb 13 09:59:53 EST 2013


Changeset: c31cf8de31cd391dd1b647ba63ec68bfe262589f
Author:	 Mark Doliner <mark at kingant.net>
Date:	 2013-02-11 01:11 -0800
Branch:	 release-2.x.y
URL: http://hg.pidgin.im/pidgin/main/rev/c31cf8de31cd

Description:

Fix a crash in Sametime when a malicious server sends us an abnormally
long user ID.

This is CVE-2013-0273.

The problem was detected by Coverity static analysis and fixed by
Daniel Atallah.

diffstat:

 ChangeLog                               |  4 ++++
 libpurple/protocols/sametime/sametime.c |  2 +-
 2 files changed, 5 insertions(+), 1 deletions(-)

diffs (26 lines):

diff --git a/ChangeLog b/ChangeLog
--- a/ChangeLog
+++ b/ChangeLog
@@ -55,6 +55,10 @@ version 2.10.7 (02/13/2013):
 	* Increase the maximum file size that can be transferred to 1 MB.
 	* When setting an avatar image, no longer downscale it to 96x96.
 
+	Sametime:
+	* Fix a crash in Sametime when a malicious server sends us an abnormally
+	  long user ID. (CVE-2013-0273)
+
 	Yahoo!:
 	* Fix a double-free in profile/picture loading code. (Mihai Serban)
 	  (#15053)
diff --git a/libpurple/protocols/sametime/sametime.c b/libpurple/protocols/sametime/sametime.c
--- a/libpurple/protocols/sametime/sametime.c
+++ b/libpurple/protocols/sametime/sametime.c
@@ -4977,7 +4977,7 @@ static const char *mw_prpl_normalize(con
      data. wtf? */
 
   static char buf[BUF_LEN];
-  strncpy(buf, id, sizeof(buf));
+  g_strlcpy(buf, id, sizeof(buf));
   return buf;
 }
 



More information about the Commits mailing list