Remote crash in Finch

Sadrul Habib Chowdhury sadrul at pidgin.im
Tue Feb 9 12:56:08 EST 2010


Hi. There seems to be a bug in finch that can cause a crash, and it can be
triggered remotely.

In an XMPP MUC, if someone changes the nick to '<br>' (using '/nick <br>'
for example), then libpurple ends up having two users with username '\n'
in the room. Right now (up to version 2.6.5), finch doesn't do any checks
for duplicate usernames in a room, and it crashes in this situation.

The bug in the XMPP prpl is reported in #11318. It causes multiple users
with empty names ('\n') in the userlist in pidgin, but as far as I know,
it causes a crash only in finch.

Attached is a patch that fixes the crash in finch. But it does not fix
#11318.

How do we deal with this issue? From the looks of things, it appears
the remote exploitability in finch is still 'unknown', and we can
probably get away with a scheduled release of 2.6.6 in a week's time. In
the meantime, I believe we should request a CVE# and notify the
packagers?

Cheers,
Sadrul

-------------- next part --------------
A non-text attachment was scrubbed...
Name: finch-xmpp-br.patch
Type: text/x-diff
Size: 631 bytes
Desc: not available
URL: <http://pidgin.im/cgi-bin/mailman/private/security/attachments/20100209/9b01278c/attachment.patch>

