/pidgin/main: c31cf8de31cd: Fix a crash in Sametime when a malic...
Mark Doliner
mark at kingant.net
Wed Feb 13 09:59:53 EST 2013
Changeset: c31cf8de31cd391dd1b647ba63ec68bfe262589f
Author: Mark Doliner <mark at kingant.net>
Date: 2013-02-11 01:11 -0800
Branch: release-2.x.y
URL: http://hg.pidgin.im/pidgin/main/rev/c31cf8de31cd
Description:
Fix a crash in Sametime when a malicious server sends us an abnormally
long user ID.
This is CVE-2013-0273.
The problem was detected by Coverity static analysis and fixed by
Daniel Atallah.
diffstat:
ChangeLog | 4 ++++
libpurple/protocols/sametime/sametime.c | 2 +-
2 files changed, 5 insertions(+), 1 deletions(-)
diffs (26 lines):
diff --git a/ChangeLog b/ChangeLog
--- a/ChangeLog
+++ b/ChangeLog
@@ -55,6 +55,10 @@ version 2.10.7 (02/13/2013):
* Increase the maximum file size that can be transferred to 1 MB.
* When setting an avatar image, no longer downscale it to 96x96.
+ Sametime:
+ * Fix a crash in Sametime when a malicious server sends us an abnormally
+ long user ID. (CVE-2013-0273)
+
Yahoo!:
* Fix a double-free in profile/picture loading code. (Mihai Serban)
(#15053)
diff --git a/libpurple/protocols/sametime/sametime.c b/libpurple/protocols/sametime/sametime.c
--- a/libpurple/protocols/sametime/sametime.c
+++ b/libpurple/protocols/sametime/sametime.c
@@ -4977,7 +4977,7 @@ static const char *mw_prpl_normalize(con
data. wtf? */
static char buf[BUF_LEN];
- strncpy(buf, id, sizeof(buf));
+ g_strlcpy(buf, id, sizeof(buf));
return buf;
}
More information about the Commits
mailing list