Fwd: FYI: Remote DOS in Pidgin 2.2.0 over MSN
Luke Schierer
lschiere at pidgin.im
Thu Sep 27 20:43:58 EDT 2007
----- Forwarded message from Evan Schoenberg <evands at pidgin.im> -----
Date: Thu, 27 Sep 2007 20:38:50 -0400
From: Evan Schoenberg <evands at pidgin.im>
To: Sean Egan <seanegan at gmail.com>, Mark Doliner <mark at kingant.net>
Cc: Luke Schierer <lschiere at pidgin.im>
Subject: FYI: Remote DOS in Pidgin 2.2.0 over MSN
An MSN nudge sent from a previously unknown buddy causes an immediate
crash in libpurple 2.2.0. I fixed this in
a5dd91b5d76972cf72a56209503c7e32d71c6e3c - I wasn't sure how best to
note the fix without advertising the DOS, so my log message:
serv_got_attention() doesn't expect an escaped string; it just wants a
name. The str variable was unused.
is true but incomplete, as I didn't note that this also fixes the
crash. With the previous code, buddy was NULL for an unknown remote
user; NULL was then dereferenced to get the name for passing to
serv_got_attention().
What's the proper protocol for handling this sort of thing?
Cheers,
Evan
----- End forwarded message -----
More information about the Packagers
mailing list