[patch] potential integer overflow in libpurple/protocols/oscar/byte_stream.c (Was: FYI: 7e159eaa14b0041fcc3ee5783cd1e4f2d039a1a1 (included in pidgin-2.7.2) is unneeded cruft)

Paul Aurich paul at darkrain42.org
Tue Aug 3 23:39:30 EDT 2010


On 2010-08-03 20:30, Yuriy M. Kaminskiy wrote:
> Quick patch attached (I think better fix should change byte_stream_* prototypes
> to unsigned or size_t len [but this requires more code review]); also, while I'm
> sure this patch cannot make situation /worse/, careful look at all callsites
> required, this is not something "ready for inclusion";
> and I have a feeling there are many other places where byte_stream_getle*
> returning negative result can be problematic.

FWIW, I believe I recommended to Ivan that he change all these to be
g_return_if_fails, and I still think that change might be reasonable on
i.p.p.

I didn't look closely at the bounds checking he changed, or pull back up
the patch from 2.5.8.  Given that he reproduced/patched it at least
once, we might also give him Jan's backtrace, in case he can gain
insight.  I'll ping Jan OOB to check if he's OK with that.

~Paul
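Added illustration of the negative-length problem the thread describes (not libpurple's byte_stream.c and not the attached patch): a hypothetical minimal byte-stream reader in C with a signed-length check beside a size_t one and an early-return guard in the g_return_if_fail style. The struct and function names are assumptions.

```c
/* Hypothetical minimal byte-stream reader (not libpurple's byte_stream.c)
 * showing why a signed 'len' is hard to bounds-check and how a size_t length
 * plus an early-return guard (the g_return_if_fail style) behaves instead. */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

typedef struct {
    const uint8_t *data;
    size_t len;     /* total bytes in the buffer */
    size_t offset;  /* read position; invariant: offset <= len */
} bstream;

/* Weak check with a signed length: a negative len (e.g. an error value from a
 * getle*-style helper passed straight through) makes offset + len smaller than
 * offset, so the comparison passes and a following copy runs past the data. */
static bool bstream_has_bytes_signed(const bstream *bs, int len) {
    return (int)bs->offset + len <= (int)bs->len;
}

/* Hardened check: unsigned length against the remaining count, which cannot
 * wrap because offset <= len always holds. */
static bool bstream_has_bytes(const bstream *bs, size_t len) {
    return len <= bs->len - bs->offset;
}

/* Copies n bytes to out; returns n, or 0 (early return) when out of range. */
static size_t bstream_getrawbuf(bstream *bs, uint8_t *out, size_t n) {
    if (!bstream_has_bytes(bs, n))
        return 0;
    memcpy(out, bs->data + bs->offset, n);
    bs->offset += n;
    return n;
}

/* Constructed 4-byte sample buffer used by the checks below. */
static const uint8_t sample[4] = { 0x01, 0x02, 0x03, 0x04 };

/* Stream fully consumed: the signed check still accepts len = -1 (true). */
bool weak_check_accepts_negative(void) {
    bstream bs = { sample, sizeof sample, sizeof sample };
    return bstream_has_bytes_signed(&bs, -1);
}

/* Same -1 as size_t: getrawbuf's guard rejects it and returns 0 (true). */
bool hardened_read_rejects_negative(void) {
    uint8_t out[4];
    bstream bs = { sample, sizeof sample, sizeof sample };
    return bstream_getrawbuf(&bs, out, (size_t)-1) == 0;
}
```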
