[Fwd: Re: [Advisories] Libpurple security vulnerability CORE-2009-0727]
thoger at redhat.com
Thu Aug 13 08:28:48 EDT 2009
On Wed, 12 Aug 2009 17:38:51 -0700 Mark Doliner <mark at kingant.net>
> Yeah, this seems like it would be a complete absolute fix for this
> problem. How does an slpmsg get to a point where size is set to some
> large value but buffer is NULL?
Probably better to ask "why" rather than "how". For the how part, size
gets copied from the original messages to ack message in
msn_slplink_send_ack(). I don't dare to comment on the why part though.
More information about the Packagers