Remote crash in Finch

Sadrul Habib Chowdhury sadrul at
Tue Feb 9 12:56:08 EST 2010

Hi. There seems to be a bug in finch that can cause a crash, and it can be
triggered remotely.

In an XMPP MUC, if someone changes the nick to '<br>' (using '/nick <br>'
for example), then libpurple ends up having two users with username '\n'
in the room. Right now (up to version 2.6.5), finch doesn't do any checks
for duplicate usernames in a room, and it crashes in this situation.

The bug in the XMPP prpl is reported in #11318. It causes multiple users
with empty names ('\n') in the userlist in pidgin, but as far as I know,
it causes a crash only in finch.

Attached is a patch that fixes the crash in finch. But it does not fix

How do we deal with this issue? From the looks of things, it appears
the remote exploitability in finch is still 'unknown', and we can
probably get away with a scheduled release of 2.6.6 in a week's time. In
the meantime, I believe we should request a CVE# and notify the


-------------- next part --------------
A non-text attachment was scrubbed...
Name: finch-xmpp-br.patch
Type: text/x-diff
Size: 631 bytes
Desc: not available
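
An added example, not part of the original message and not Finch or libpurple code: a minimal C model of a room user list that refuses a second entry with the same name, which is the check the message says finch lacks. The `roster` type, `normalize_nick`, `roster_add` and the `<br>` to `\n` mapping are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#define MAX_USERS 16
#define NAME_LEN  64

/* Hypothetical room roster keyed by display name (not libpurple's types). */
struct roster {
    char names[MAX_USERS][NAME_LEN];
    int  count;
};

/* Assumed stand-in for the markup handling: each "<br>" becomes '\n'. */
static void normalize_nick(const char *in, char *out, size_t outlen)
{
    size_t o = 0;
    while (*in != '\0' && o + 1 < outlen) {
        if (strncmp(in, "<br>", 4) == 0) {
            out[o++] = '\n';
            in += 4;
        } else {
            out[o++] = *in++;
        }
    }
    out[o] = '\0';
}

/* Returns 1 if added, 0 if the normalized name is already listed or full. */
static int roster_add(struct roster *r, const char *nick)
{
    char name[NAME_LEN];
    normalize_nick(nick, name, sizeof name);
    for (int i = 0; i < r->count; i++)
        if (strcmp(r->names[i], name) == 0)
            return 0;   /* duplicate key: never create a second row */
    if (r->count == MAX_USERS)
        return 0;
    strcpy(r->names[r->count++], name);   /* fits: name is NAME_LEN bytes */
    return 1;
}

int main(void)
{
    struct roster r = {0};
    const char *nicks[] = { "alice", "<br>", "<br>" };   /* constructed input */
    for (int i = 0; i < 3; i++)
        printf("add #%d -> %d\n", i, roster_add(&r, nicks[i]));
    printf("users listed: %d\n", r.count);
    return 0;
}
```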