/pidgin/main: 5077da39b6de: Merge TALOS-CAN-0118
Gary Kramlich
grim at reaperworld.com
Mon Jun 20 20:09:59 EDT 2016
Changeset: 5077da39b6de7c3f22b5dad1d7217593b86101cb
Author: Gary Kramlich <grim at reaperworld.com>
Date: 2016-06-12 22:02 -0500
Branch: release-2.x.y
URL: https://hg.pidgin.im/pidgin/main/rev/5077da39b6de
Description:
Merge TALOS-CAN-0118
diffstat:
ChangeLog | 2 ++
libpurple/protocols/mxit/protocol.c | 3 ++-
2 files changed, 4 insertions(+), 1 deletions(-)
diffs (26 lines):
diff --git a/ChangeLog b/ChangeLog
--- a/ChangeLog
+++ b/ChangeLog
@@ -20,6 +20,8 @@ version 2.10.13 (MM/DD/YY):
Talos. (TALOS-CAN-0140)
* Fixed a remote out-of-band read. Discovered by Yves Younan of Cisco
Talos. (TALOS-CAN-0138, TALOS-CAN-0135)
+ * Fixed an invalid read. Discovered by Yves Younan of Cisco Talos
+ (TALOS-CAN-0118)
version 2.10.12 (12/31/15):
General:
diff --git a/libpurple/protocols/mxit/protocol.c b/libpurple/protocols/mxit/protocol.c
--- a/libpurple/protocols/mxit/protocol.c
+++ b/libpurple/protocols/mxit/protocol.c
@@ -2775,8 +2775,9 @@ void mxit_cb_rx( gpointer user_data, gin
/* the end of the length record found */
session->rx_lbuf[session->rx_i] = '\0';
session->rx_res = atoi( &session->rx_lbuf[3] );
- if ( session->rx_res > CP_MAX_PACKET ) {
+ if ( ( session->rx_res <= 0 ) || ( session->rx_res > CP_MAX_PACKET ) ) {
purple_connection_error( session->con, _( "A connection error occurred to MXit. (read stage 0x03)" ) );
+ return;
}
session->rx_state = RX_STATE_DATA;
session->rx_i = 0;
More information about the Commits
mailing list