NULL pointer dereference in parsing invalid HTML
Stu Tomlinson
stu at nosnilmot.com
Thu Oct 4 08:39:26 EDT 2007
Hello packagers,

There is a NULL pointer dereference in purple_markup_html_to_xhtml when
parsing invalid HTML. This will cause libpurple-using IM clients (Finch,
Pidgin, Adium etc.) to crash if receiving a message containing invalid
HTML.

I believe the crash can only be triggered if using HTML logging, and it
requires the remote user to be able to send invalid HTML - I believe
this is possible on AIM, and probably also possible on some XMPP
networks. Other protocols may also be affected.

This bug was introduced in Pidgin/libpurple 2.1.0.

I have attached a patch that fixes this issue. I have not committed this
yet because I can't think of a useful commit message that doesn't make
it obvious that this is a vulnerability.

This was originally reported as http://developer.pidgin.im/ticket/3436

I think we need a CVE # for this, and we might want to release 2.2.2 -
what do others think?

Regards,
Stu.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pidgin-2.1.0-html-null-deref.patch
Type: text/x-patch
Size: 793 bytes
Desc: not available
Url : http://pidgin.im/cgi-bin/mailman/private/packagers/attachments/20071004/f0eddc79/attachment.bin