Remote crash in Finch
Sadrul Habib Chowdhury
sadrul at pidgin.im
Tue Feb 9 12:56:08 EST 2010
Hi. There seems to be a bug in finch that can cause a crash, and it can be
In an XMPP MUC, if someone changes the nick to '<br>' (using '/nick <br>'
for example), then libpurple ends up having two users with username '\n'
in the room. Right now (upto version 2.6.5), finch doesn't do any checks
for duplicate usernames in a room, and it crashes in this situation.
The bug in the XMPP prpl is reported in #11318. It causes multiple users
with empty names ('\n') in the userlist in pidgin, but as far as I know,
it causes a crash only in finch.
Attached is a patch that fixes the crash in finch. But it does not fix
How do we deal with this issue? From the looks of things, it appears
the remote exploitability in finch is still 'unknown', and we can
probably get away with a scheduled release of 2.6.6 in a week's time. In
the meantime, I believe we should request for a CVE# and notify the
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 631 bytes
Desc: not available
More information about the security