Remotely-triggerable crash in oscar xstatus code

John Bailey rekkanoryo at rekkanoryo.org
Wed Jun 23 01:53:29 EDT 2010


On 06/18/2010 09:18 PM, Mark Doliner wrote:
> Problem #1 (the remotely-triggerable crash):
> The crash happens when a buddy sets an xstatus message containing <desc>
> but no closing </desc>, or <title> but no closing </title>.  The fix
> is to check the result of strstr(closing_tag_name) and do nothing if it
> is NULL.

I haven't produced this crash, but seeing the old code and your patch, it's
pretty obvious this would crash.  The fix looks correct.

As for the other problems, I'm less concerned about them.  That said, although
I'm no expert on this OSCAR stuff (hey, isn't that your department? :-P ), the
rest of the patch looks reasonable enough to me.

The code compiles and runs.  My vote is to proceed.

John
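
Added example, not part of the original message and not Pidgin's code: a minimal C sketch of the check described in the quoted text, where a missing closing tag makes the parser do nothing instead of computing a length from a NULL pointer. The helper names and the sample strings are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: returns a malloc'd copy of the text between open_tag
 * and close_tag, or NULL if either tag is missing from msg. */
static char *extract_between(const char *msg, const char *open_tag,
                             const char *close_tag)
{
    const char *start, *end;
    size_t len;
    char *out;

    start = msg ? strstr(msg, open_tag) : NULL;
    if (start == NULL)
        return NULL;
    start += strlen(open_tag);

    /* Search only after the opening tag, and check the result: without
     * this check, end - start would be computed from a NULL pointer. */
    end = strstr(start, close_tag);
    if (end == NULL)
        return NULL;               /* unterminated element: do nothing */

    len = (size_t)(end - start);
    out = malloc(len + 1);
    if (out == NULL)
        return NULL;
    memcpy(out, start, len);
    out[len] = '\0';
    return out;
}

/* Returns 1 if extraction yields expected (NULL means "nothing extracted"). */
static int extracts_to(const char *msg, const char *open_tag,
                       const char *close_tag, const char *expected)
{
    char *got = extract_between(msg, open_tag, close_tag);
    int ok = (!got || !expected) ? (got == expected) : !strcmp(got, expected);
    free(got);
    return ok;
}

int main(void)
{
    const char *bad = "<title>Away<desc>lunch"; /* constructed, no closing tags */
    printf("ignored: %d\n", extracts_to(bad, "<title>", "</title>", NULL));
    return 0;
}
```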
