NULL pointer dereference in parsing invalid HTML

Warren Togami wtogami at redhat.com
Thu Oct 4 09:31:03 EDT 2007


Luke Schierer wrote:
> On Thu, Oct 04, 2007 at 08:39:26AM -0400, Stu Tomlinson wrote:
>> Hello packagers,
>>
>> There is a NULL pointer dereference in purple_markup_html_to_xhtml when
>> parsing invalid HTML. This will cause libpurple using IM clients (Finch,
>> Pidgin, Adium etc.) to crash if receiving a message containing invalid
>> HTML.
>>
>> I believe the crash can only be triggered if using HTML logging, and it
>> requires the remote user to be able to send invalid HTML - I believe
>> this is possible on AIM, and probably also possible on some XMPP
>> networks. Other protocols may also be affected.
>>
>> This bug was introduced in Pidgin/libpurple 2.1.0
>>
>> I have attached a patch that fixes this issue. I have not committed this
>> yet because I can't think of a useful commit message that doesn't make
>> it obvious that this is a vulnerability.
>>
>> This was originally reported as http://developer.pidgin.im/ticket/3436
>>
>> I think we need a CVE # for this, and we might want to release 2.2.2 -
>> what do others think?
>>
>> Regards,
>>
>>
>> Stu.
> 
> We have released because of such issues in the past.  <!- and &#00; come
> to mind.
> 

Somebody better get started on the 2.2.2 logo. =)

Warren



More information about the Packagers mailing list