NULL pointer dereference in parsing invalid HTML
Luke Schierer
lschiere at pidgin.im
Thu Oct 4 08:58:51 EDT 2007
On Thu, Oct 04, 2007 at 08:39:26AM -0400, Stu Tomlinson wrote:
> Hello packagers,
>
> There is a NULL pointer dereference in purple_markup_html_to_xhtml when
> parsing invalid HTML. This will cause libpurple-using IM clients (Finch,
> Pidgin, Adium etc.) to crash if receiving a message containing invalid
> HTML.
>
> I believe the crash can only be triggered if using HTML logging, and it
> requires the remote user to be able to send invalid HTML - I believe
> this is possible on AIM, and probably also possible on some XMPP
> networks. Other protocols may also be affected.
>
> This bug was introduced in Pidgin/libpurple 2.1.0.
>
> I have attached a patch that fixes this issue. I have not committed this
> yet because I can't think of a useful commit message that doesn't make
> it obvious that this is a vulnerability.
>
> This was originally reported as http://developer.pidgin.im/ticket/3436
>
> I think we need a CVE # for this, and we might want to release 2.2.2 -
> what do others think?
>
> Regards,
>
>
> Stu.
We have released because of such issues in the past. <!- and � come
to mind.
luke