/pidgin/main: 9eb08b587d95: MXit: Ealier versions of GLib may ca...

Wed Mar 6 06:26:44 EST 2013

Changeset: 9eb08b587d95c0edd73632febd8bfc39f9e5ff0e
Author:	 Andrew Victor <andrew.victor at mxit.com>
Date:	 2013-03-06 13:26 +0200
Branch:	 release-2.x.y
URL: https://hg.pidgin.im/pidgin/main/rev/9eb08b587d95

Description:

MXit: Ealier versions of GLib may cause purple_base64_decode() to return NULL.
The local user could crash Pidgin by modifying the UserId when adding a
contact via search-results.

Thanks to Fabian Yamaguchi and Christian Wressnegger of the University of Goettingen for finding the issue.

diffstat:

 libpurple/protocols/mxit/formcmds.c |  2 ++
 libpurple/protocols/mxit/roster.c   |  6 ++++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diffs (28 lines):

diff --git a/libpurple/protocols/mxit/formcmds.c b/libpurple/protocols/mxit/formcmds.c
--- a/libpurple/protocols/mxit/formcmds.c
+++ b/libpurple/protocols/mxit/formcmds.c
@@ -412,6 +412,8 @@ static void command_imagestrip(struct MX
 
 		/* base64 decode the image data */
 		rawimg = purple_base64_decode(tmp, &rawimglen);
+		if (!rawimg)
+			return;
 
 		/* save it to a file */
 		dir = g_build_filename(purple_user_dir(), "mxit", "imagestrips", NULL);
diff --git a/libpurple/protocols/mxit/roster.c b/libpurple/protocols/mxit/roster.c
--- a/libpurple/protocols/mxit/roster.c
+++ b/libpurple/protocols/mxit/roster.c
@@ -750,8 +750,10 @@ void mxit_add_buddy( PurpleConnection* g
 
 		if ( buddy_name[0] == '#' ) {
 			gchar *tmp = (gchar*) purple_base64_decode( buddy_name + 1, NULL );
-			mxit_send_invite( session, tmp, FALSE, buddy_alias, group_name, message );
-			g_free( tmp );
+			if ( tmp ) {
+				mxit_send_invite( session, tmp, FALSE, buddy_alias, group_name, message );
+				g_free( tmp );
+			}
 		}
 		else
 			mxit_send_invite( session, buddy_name, TRUE, buddy_alias, group_name, message );

