/pidgin/main: 2a77da513a03: msn: prevent potential heap overflow...
Daniel Atallah
datallah at pidgin.im
Tue Jan 28 10:38:09 EST 2014
Changeset: 2a77da513a0358eff14c6d517489bfd44b0e4551
Author: Daniel Atallah <datallah at pidgin.im>
Date: 2013-11-09 16:47 -0500
Branch: release-2.x.y
URL: https://hg.pidgin.im/pidgin/main/rev/2a77da513a03
Description:
msn: prevent potential heap overflow when constructing a message to be sent
* Thanks goes to Matt Jones for noticing this
diffstat:
libpurple/protocols/msn/msg.c | 5 +++--
1 files changed, 3 insertions(+), 2 deletions(-)
diffs (18 lines):
diff --git a/libpurple/protocols/msn/msg.c b/libpurple/protocols/msn/msg.c
--- a/libpurple/protocols/msn/msg.c
+++ b/libpurple/protocols/msn/msg.c
@@ -366,11 +366,12 @@ msn_message_gen_payload(MsnMessage *msg,
n += strlen(n);
}
- n += g_strlcpy(n, "\r\n", end - n);
+ if ((end - n) > 2)
+ n += g_strlcpy(n, "\r\n", end - n);
body = msn_message_get_bin_data(msg, &body_len);
- if (body != NULL)
+ if (body != NULL && (end - n) > body_len)
{
memcpy(n, body, body_len);
n += body_len;
More information about the Commits
mailing list