[patch] libpurple/protocols/oscar: OOM and die on misparsed ICQWebMessage as ICQSMS

Yuriy Kaminskiy yumkam at mail.ru
Fri Jun 12 10:59:02 EDT 2009


Yuriy Kaminskiy wrote:
> I've got a number of OOM/aborts, and found that when pidgin receives
> chan4/0x1a/ICQWebMessage, it misparses that as ICQSMS, and dies on
> out-of-memory.
> 01) fixes in byte_stream_getstr: early check len for validity (this will
> cause error later anyway), and only then allocate memory.
> 02) fixes in incomingim_chan4/case 0x1a: better checks for expected
> format and errors (and not choke on some unknown gibberish).
Ping. If no-one noticed, this is a security problem (just DoS, not remote
access, but nonetheless). At least some equivalent of patches 1 and 2
MUST be applied.
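
The ordering described in item 01 (check the declared length against the bytes actually present, and only then allocate), as an added example that is not the patch from this thread and not libpurple's code. The `bstream` type, the function names and the 4-byte little-endian length prefix are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a protocol byte stream (not libpurple's type). */
struct bstream { const uint8_t *data; size_t len, offset; };

static size_t bs_left(const struct bstream *bs) { return bs->len - bs->offset; }

/* Read a little-endian 32-bit length; *ok is cleared on underrun. */
static uint32_t bs_getle32(struct bstream *bs, int *ok)
{
    const uint8_t *p = bs->data + bs->offset;
    if (bs_left(bs) < 4) { *ok = 0; return 0; }
    bs->offset += 4;
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Validate len against the bytes actually present, and only then allocate. */
static char *bs_getstr(struct bstream *bs, size_t len)
{
    char *s;
    if (len > bs_left(bs))
        return NULL;              /* peer-supplied length never reaches malloc */
    if ((s = malloc(len + 1)) == NULL)
        return NULL;
    memcpy(s, bs->data + bs->offset, len);
    s[len] = '\0';
    bs->offset += len;
    return s;
}

/* Constructed field layout (an assumption): 4-byte LE length, then the bytes. */
static char *parse_lp_string(const uint8_t *buf, size_t buflen)
{
    struct bstream bs = { buf, buflen, 0 };
    int ok = 1;
    uint32_t n = bs_getle32(&bs, &ok);
    return ok ? bs_getstr(&bs, n) : NULL;
}

int main(void)
{
    const uint8_t bogus[] = { 0xf0, 0xff, 0xff, 0xff, 'h', 'i' }; /* constructed */
    char *s = parse_lp_string(bogus, sizeof bogus);
    printf("%s\n", s ? s : "rejected: declared length exceeds message");
    free(s);
    return 0;
}
```

Callers have to treat the NULL return as a parse failure and drop the message rather than continue reading fields from the stream.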
