potential information leak in libpurple/cipher.c?

Ethan Blanton elb at pidgin.im
Tue Feb 1 10:19:40 EST 2011


Julia Lawall spake unto us the following wisdom:
> In pidgin version 2.7.9, libpurple/cipher.c contains a number of functions 
> like the following, which appear to have the goal of clearing a data 
> structure before freeing it:

[snip]

> The call to memset, however, has as third argument the size of a pointer, 
> and not the size of the data structure referenced by that pointer, and so 
> only the first few bytes of the structure get cleared.

It appears that you are correct.  Thank you for your input, and we
will try to get this fixed in the next release.  While this is not an
immediately exploitable flaw, we take security concerns such as this
seriously.  If you or your organization have an established method for
disclosure of such flaws, please embargo your disclosure until we have
a chance to release; we have a release scheduled more or less
immediately, but I am not sure what its status is.  If we do not make
it into this release, it will likely be a few weeks.  We will let you
know.

Thanks again, and we will keep you updated!

Ethan
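The report above describes a `memset(ptr, 0, sizeof(ptr))` mistake: the third argument is the size of the pointer, so only 4 or 8 bytes of the structure are zeroed before it is freed. The following is an added example, not code from this thread or from libpurple; `struct cipher_ctx` is a hypothetical stand-in for the contexts the report refers to. It measures how many bytes the buggy form leaves uncleared, shows the corrected `sizeof(*ptr)` form, and adds the caveat a reviewer would raise next: a correctly sized `memset` immediately before `free()` can itself be dropped by the optimizer as a dead store, so the wipe should go through a volatile pointer or `explicit_bzero()`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical cipher context; stands in for the libpurple structures the
 * report concerns and is NOT libpurple's actual definition. */
struct cipher_ctx {
    uint8_t key[32];
    uint8_t iv[16];
    uint64_t counter;
};

/* Fill every byte (padding included) with non-zero "secret" material so that
 * anything a wipe misses can be counted afterwards. Constructed test data. */
static void fill_with_secret(struct cipher_ctx *ctx)
{
    memset(ctx, 0xFF, sizeof(*ctx));
    memset(ctx->key, 0xA5, sizeof(ctx->key));
    memset(ctx->iv, 0x5A, sizeof(ctx->iv));
    ctx->counter = UINT64_MAX;
}

/* Number of bytes in the context that still hold non-zero data. */
static size_t count_nonzero(const struct cipher_ctx *ctx)
{
    const uint8_t *p = (const uint8_t *)ctx;
    size_t n = 0;
    for (size_t i = 0; i < sizeof(*ctx); i++)
        n += (p[i] != 0);
    return n;
}

/* The pattern reported in the thread: sizeof applied to the pointer variable,
 * so only sizeof(void *) bytes are zeroed. GCC and Clang flag exactly this
 * with -Wsizeof-pointer-memaccess (enabled by -Wall), which is the cheapest
 * way to catch it across a code base. */
static void buggy_wipe(struct cipher_ctx *ctx)
{
    memset(ctx, 0, sizeof(ctx));   /* BUG: size of the pointer, not the struct */
}

/* Corrected form: size of the pointed-to object. */
static void fixed_wipe(struct cipher_ctx *ctx)
{
    memset(ctx, 0, sizeof(*ctx));
}

/* Caveat beyond the report: when the memory is freed right after the memset,
 * the compiler may remove the memset as a dead store. Writing through a
 * volatile pointer keeps the stores; explicit_bzero() (glibc 2.25+, BSDs)
 * exists for the same purpose. */
static void secure_wipe(void *p, size_t len)
{
    volatile uint8_t *vp = (volatile uint8_t *)p;
    while (len--)
        *vp++ = 0;
}

/* Each helper allocates a context, fills it, applies one wipe variant and
 * returns how many bytes that variant left uncleared. */
size_t leftover_after_buggy_wipe(void)
{
    struct cipher_ctx *ctx = malloc(sizeof(*ctx));
    if (ctx == NULL) return (size_t)-1;
    fill_with_secret(ctx);
    buggy_wipe(ctx);
    size_t left = count_nonzero(ctx);
    free(ctx);
    return left;
}

size_t leftover_after_fixed_wipe(void)
{
    struct cipher_ctx *ctx = malloc(sizeof(*ctx));
    if (ctx == NULL) return (size_t)-1;
    fill_with_secret(ctx);
    fixed_wipe(ctx);
    size_t left = count_nonzero(ctx);
    free(ctx);
    return left;
}

size_t leftover_after_secure_wipe(void)
{
    struct cipher_ctx *ctx = malloc(sizeof(*ctx));
    if (ctx == NULL) return (size_t)-1;
    fill_with_secret(ctx);
    secure_wipe(ctx, sizeof(*ctx));
    size_t left = count_nonzero(ctx);
    free(ctx);
    return left;
}

int main(void)
{
    printf("struct size %zu bytes, pointer size %zu bytes\n",
           sizeof(struct cipher_ctx), sizeof(void *));
    printf("buggy wipe leaves %zu bytes, fixed wipe leaves %zu, "
           "secure wipe leaves %zu\n",
           leftover_after_buggy_wipe(), leftover_after_fixed_wipe(),
           leftover_after_secure_wipe());
    return 0;
}
```

On a 64-bit build the buggy variant leaves `sizeof(struct cipher_ctx) - 8` bytes of key and IV material in the heap block handed back to the allocator, which is the leak the report describes; the fixed and volatile variants leave none.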