Buffer overflow in Pidgin MXit protocol plugin

Mark Doliner mark at kingant.net
Tue Jul 3 20:41:12 EDT 2012


On Tue, Jul 3, 2012 at 6:05 AM, Jan Lieskovsky <jlieskov at redhat.com> wrote:
> Mark / Ulf, do you possibly have a reproducer (crafted RX message data /
> emoticon tag), which could be used to reproduce this flaw in our own
> lab testing environment?

At their request I sent Jan and Ari the same proof of concept that Ulf
provided to us (hope you don't mind, Ulf!).  Two notes:
- The zip file doesn't create a subdirectory when you unzip it, so you
might want to make one of your own first (but it only contains 4
files, so it's not too bad).
- The zip file includes usage instructions in a README, but I wasn't
able to get it to trigger a crash for me.  I WAS able to create two
new MXit accounts.  Running the php script gave me the error "end of
file," and I'm not sure why.


