[Fwd: Re: [Advisories] Libpurple security vulnerability CORE-2009-0727]

Tomas Hoger thoger at redhat.com
Thu Aug 13 08:28:48 EDT 2009


On Wed, 12 Aug 2009 17:38:51 -0700 Mark Doliner <mark at kingant.net>
wrote:

> Yeah, this seems like it would be a complete absolute fix for this
> problem.  How does an slpmsg get to a point where size is set to some
> large value but buffer is NULL?

Probably better to ask "why" rather than "how".  For the how part, size
gets copied from the original messages to ack message in
msn_slplink_send_ack().  I don't dare to comment on the why part though.

-- 
Tomas Hoger


