/pidgin/main: c5f640eaff47: Merged TALOS-CAN-0123
Gary Kramlich
grim at reaperworld.com
Mon Jun 20 20:09:59 EDT 2016
Changeset: c5f640eaff47658b005aa51d56c9c54f2061ec7b
Author: Gary Kramlich <grim at reaperworld.com>
Date: 2016-06-12 22:08 -0500
Branch: release-2.x.y
URL: https://hg.pidgin.im/pidgin/main/rev/c5f640eaff47
Description:
Merged TALOS-CAN-0123
diffstat:
ChangeLog | 2 ++
libpurple/protocols/mxit/markup.c | 19 ++++++++++++-------
2 files changed, 14 insertions(+), 7 deletions(-)
diffs (48 lines):
diff --git a/ChangeLog b/ChangeLog
--- a/ChangeLog
+++ b/ChangeLog
@@ -24,6 +24,8 @@ version 2.10.13 (MM/DD/YY):
(TALOS-CAN-0118)
* Fixed a remote buffer overflow vulnerability. Discovered by Yves
Younan of Cisco Talos. (TALOS-CAN-0119)
+ * Fixed an out-of-bounds read discovered by Yves Younan of Cisco Talos.
+ (TALOS-CAN-0123)
version 2.10.12 (12/31/15):
General:
diff --git a/libpurple/protocols/mxit/markup.c b/libpurple/protocols/mxit/markup.c
--- a/libpurple/protocols/mxit/markup.c
+++ b/libpurple/protocols/mxit/markup.c
@@ -1083,7 +1083,6 @@ char* mxit_convert_markup_tx( const char
GList* entry;
GList* tagstack = NULL;
char* reply;
- char color[8];
int len = strlen ( message );
int i;
@@ -1145,12 +1144,18 @@ char* mxit_convert_markup_tx( const char
}
else if ( purple_str_has_prefix( &message[i], "<font color=" ) ) {
/* font colour */
- tag = g_new0( struct tag, 1 );
- tag->type = MXIT_TAG_COLOR;
- tagstack = g_list_append( tagstack, tag );
- memset( color, 0x00, sizeof( color ) );
- memcpy( color, &message[i + 13], 7 );
- g_string_append( mx, color );
+ char color[8];
+
+ /* ensure we have the complete tag: <font color="#123456"> */
+ if ( i + 20 < len ) {
+ tag = g_new0( struct tag, 1 );
+ tag->type = MXIT_TAG_COLOR;
+ tagstack = g_list_append( tagstack, tag );
+
+ memset( color, 0x00, sizeof( color ) );
+ memcpy( color, &message[i + 13], 7 );
+ g_string_append( mx, color );
+ }
}
else if ( purple_str_has_prefix( &message[i], "</font>" ) ) {
/* end of font tag */
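Review bot: The new guard `if ( i + 20 < len )` proves that the seven bytes at `&message[i + 13]` exist, but nothing checks that they are a colour. Whatever follows the prefix is appended to `mx`, and `message[i + 12]` is never confirmed to be a quote, so an unquoted or malformed value shifts the copy window. I would push the tag and append only when the bytes are `#` followed by six hex digits, as sketched below. The offsets 13, 7 and 20 all come from the layout `<font color="#123456">` and would be easier to audit as named constants. The `</font>` branch and the rest of mxit_convert_markup_tx lie outside this hunk, so confirm that a close tag with no matching MXIT_TAG_COLOR entry on `tagstack` is handled, since skipping the push (as this commit may already do for truncated input) can leave the two unbalanced.

```c
		char color[8];

		/* ensure we have the complete tag: <font color="#123456"> */
		if ( ( i + 20 < len ) && ( message[i + 12] == '"' ) && ( message[i + 13] == '#' ) ) {
			gboolean is_hex = TRUE;
			int j;

			/* the six characters after '#' must all be hex digits */
			for ( j = 14; j <= 19; j++ ) {
				if ( !g_ascii_isxdigit( message[i + j] ) ) {
					is_hex = FALSE;
					break;
				}
			}

			if ( is_hex ) {
				/* … unchanged: push MXIT_TAG_COLOR, copy 7 bytes into color, append to mx … */
			}
		}
```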