/pidgin/main: 4c897372b5a4: Mxit: fix a possible segfault, refs ...

[Tomasz Wasilczyk]

Changeset: 4c897372b5a485d8c82607fd2ac46161418c43e1
Author:	 Tomasz Wasilczyk <twasilczyk at pidgin.im>
Date:	 2014-01-09 21:45 +0100
Branch:	 release-2.x.y
URL: https://hg.pidgin.im/pidgin/main/rev/4c897372b5a4

Description:

Mxit: fix a possible segfault, refs VRT-2013-1002

diffstat:

 libpurple/protocols/mxit/markup.c |  18 +++++++++++++-----
 1 files changed, 13 insertions(+), 5 deletions(-)

diffs (35 lines):

diff --git a/libpurple/protocols/mxit/markup.c b/libpurple/protocols/mxit/markup.c
--- a/libpurple/protocols/mxit/markup.c
+++ b/libpurple/protocols/mxit/markup.c
@@ -203,7 +203,8 @@ static unsigned int asn_getlength( const
  */
 static int asn_getUtf8( const gchar* data, gchar type, char** utf8 )
 {
-	int		len;
+	unsigned int len;
+	gchar *out_str;
 
 	/* validate the field type [1 byte] */
 	if ( data[0] != type ) {
@@ -212,10 +213,17 @@ static int asn_getUtf8( const gchar* dat
 		return -1;
 	}
 
-	len = data[1];						/* length field [1 bytes] */
-	*utf8 = g_malloc( len + 1 );
-	memcpy( *utf8, &data[2], len );		/* data field */
-	(*utf8)[len] = '\0';
+	len = (uint8_t)data[1]; /* length field [1 byte] */
+	out_str = g_malloc(len + 1);
+	if (out_str == NULL) {
+		purple_debug_fatal(MXIT_PLUGIN_ID, "asn_getUtf8: out of memory");
+		return -1;
+	}
+
+	memcpy(out_str, &data[2], len); /* data field */
+	out_str[len] = '\0';
+
+	*utf8 = out_str;
 
 	return ( len + 2 );
 }