ZDI-CAN-338: libpurple MSN Protocol SLP Message Heap Overflow Vulnerability

Mark Doliner mark at kingant.net
Thu Jun 26 18:13:42 EDT 2008


On Thu, 26 Jun 2008 13:51:30 -0400, Josh Bressers wrote
> On 26 June 2008, Richard Laager wrote:
> > 
> > On Thu, 2008-06-26 at 12:14 -0500, Mark Doliner wrote:
> > > I think the vulnerability is valid, but I think our fix needs to make sure
> > > we're not wrapping back to 0.
> > 
> > Any idea on the right way to do that?
> >
> 
> Look at this:
> https://www.securecoding.cert.org/confluence/display/seccode/INT30-C.+Ensure+that+unsigned+integer+operations+do+not+wrap
> 
> The whole guide is quite good.
> 
> I'll see about CVE ids hopefully later today.  I've been terribly bogged
> down with other things and I've not found time for this yet.  Sorry.

That would be great.

Thanks,
Mark
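
Added example, not part of the original message and not libpurple's code: the kind of precondition test INT30-C describes for keeping an unsigned offset-plus-length bounds check from wrapping back to a small value. The `reasm` structure, the function names and the 32-bit field widths are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical reassembly buffer; names and field widths are assumptions
 * for illustration, not libpurple's structures. */
struct reasm {
    unsigned char *buf;
    uint32_t size;      /* allocated bytes in buf */
};

/* Unchecked form: offset + len is computed modulo 2^32, so a huge offset
 * wraps to a small sum and the bounds test wrongly passes. */
static int chunk_fits_unchecked(const struct reasm *r, uint32_t offset, uint32_t len)
{
    return offset + len <= r->size;
}

/* INT30-C style precondition test: compare len against the remaining
 * room instead of computing a sum that may wrap. */
static int chunk_fits(const struct reasm *r, uint32_t offset, uint32_t len)
{
    if (offset > r->size)
        return 0;
    return len <= r->size - offset;   /* cannot wrap: offset <= size */
}

/* Copy one chunk into place; returns 0 on success, -1 if rejected. */
static int store_chunk(struct reasm *r, uint32_t offset,
                       const unsigned char *data, uint32_t len)
{
    if (!chunk_fits(r, offset, len))
        return -1;
    memcpy(r->buf + offset, data, len);
    return 0;
}

int main(void)
{
    unsigned char storage[16] = {0};
    struct reasm r = { storage, sizeof storage };
    const unsigned char chunk[4] = { 'a', 'b', 'c', 'd' };
    /* Constructed input: UINT32_MAX + 4 wraps to 3, which is <= 16. */
    int wrapped_passes = chunk_fits_unchecked(&r, UINT32_MAX, 4);
    int bad = store_chunk(&r, UINT32_MAX, chunk, 4);
    int ok = store_chunk(&r, 12, chunk, 4);
    return (wrapped_passes == 1 && bad == -1 && ok == 0) ? 0 : 1;
}
```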


