Remotely-triggerable crash in oscar xstatus code
rekkanoryo at rekkanoryo.org
Wed Jun 23 01:53:29 EDT 2010
On 06/18/2010 09:18 PM, Mark Doliner wrote:
> Problem #1 (the remotely-triggerable crash):
> The crash happens when a buddy sets an xstatus message containing <desc>
> but no closing </desc>, or <title> but no closing </title>. The fix
> is to check the result of strstr(closing_tag_name) and do nothing if it
> is NULL.
I haven't produced this crash, but seeing the old code and your patch, it's
pretty obvious this would crash. The fix looks correct.
As for the other problems, I'm less concerned about them. That said, although
I'm no expert on this OSCAR stuff (hey, isn't that your department? :-P ), the
rest of the patch looks reasonable enough to me.
The code compiles and runs. My vote is to proceed.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 836 bytes
Desc: OpenPGP digital signature
More information about the security