buffer overflow in command line
Ethan Blanton
elb at pidgin.im
Mon Nov 22 12:11:58 EST 2010
Eugene Egorow spake unto us the following wisdom:
> parameter length is about 13660 bytes
A couple of things:
1) This isn't really a security issue, as Pidgin is not installed
setuid/setgid/etc. It's simply a bug.
2) I haven't dug into it, but the option in question is handed off to
X11 libraries, and it's quite possible (or even probable) that the
actual bug is in those libraries. The Pidgin path for processing
of -s contains no length-dependent code.
I see no reason that this bug can't simply be filed in the tracker,
although if the crash is in libSM there's not a lot we can do about
it.
Ethan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 482 bytes
Desc: Digital signature
URL: <http://pidgin.im/cgi-bin/mailman/private/security/attachments/20101122/3e5b7182/attachment.pgp>
More information about the security
mailing list