ZDI-CAN-338: libpurple MSN Protocol SLP Message Heap Overflow Vulnerability

Sean Egan seanegan at gmail.com
Wed Jul 2 14:47:54 EDT 2008


On Thu, Jun 26, 2008 at 10:51 AM, Josh Bressers <bressers at redhat.com> wrote:
> On 26 June 2008, Richard Laager wrote:
>>
>> On Thu, 2008-06-26 at 12:14 -0500, Mark Doliner wrote:
>> > I think the vulnerability is valid, but I think our fix needs to make sure
>> > we're not wrapping back to 0.
>>
>> Any idea on the right way to do that?
>>
>
> Look at this:
> https://www.securecoding.cert.org/confluence/display/seccode/INT30-C.+Ensure+that+unsigned+integer+operations+do+not+wrap
>
> The whole guide is quite good.

I just discovered http://code.google.com/p/safe-iop/ which is derived
from that guide. It may be useful to include it.

-s.
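
Added example, not part of the original thread and not libpurple's code: the INT30-C precondition test discussed above, applied to a chunk copied at `offset` into a reassembly buffer, with the naive bound shown beside the checked one. The `struct reasm` type and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical reassembly buffer; not libpurple's actual structure. */
struct reasm {
    unsigned char *buf;
    uint32_t size;      /* allocated bytes in buf */
};

/* INT30-C style precondition test: a + b wraps iff b > UINT32_MAX - a. */
static int add_u32_checked(uint32_t a, uint32_t b, uint32_t *out)
{
    if (b > UINT32_MAX - a)
        return 0;       /* would wrap: leave *out untouched */
    *out = a + b;
    return 1;
}

/* Naive bound: if offset + len wraps back toward 0, the sum looks
 * small and the check passes even though the write is out of range. */
static int chunk_fits_naive(const struct reasm *r, uint32_t offset, uint32_t len)
{
    return offset + len <= r->size;
}

/* Checked bound: reject on wrap first, then compare against the size. */
static int chunk_fits(const struct reasm *r, uint32_t offset, uint32_t len)
{
    uint32_t end;
    if (!add_u32_checked(offset, len, &end))
        return 0;
    return end <= r->size;
}

/* Copy one chunk into the buffer; returns 0 on success, -1 if rejected. */
static int store_chunk(struct reasm *r, uint32_t offset,
                       const void *data, uint32_t len)
{
    if (!chunk_fits(r, offset, len))
        return -1;
    memcpy(r->buf + offset, data, len);
    return 0;
}
```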


