potential information leak in libpurple/cipher.c?
Julia Lawall
julia at diku.dk
Tue Feb 1 10:29:27 EST 2011
On Tue, 1 Feb 2011, Ethan Blanton wrote:
> Julia Lawall spake unto us the following wisdom:
> > In pidgin version 2.7.9, libpurple/cipher.c contains a number of functions
> > like the following, which appear to have the goal of clearing a data
> > structure before freeing it:
>
> [snip]
>
> > The call to memset, however, has as third argument the size of a pointer,
> > and not the size of the data structure referenced by that pointer, and so
> > only the first few bytes of the structure get cleared.
>
> It appears that you are correct. Thank you for your input, and we
> will try to get this fixed in the next release. While this is not an
> immediately exploitable flaw, we take security concerns such as this
> seriously. If you or your organization have an established method for
> disclosure of such flaws, please embargo your disclosure until we have
> a chance to release; we have a release scheduled more or less
> immediately, but I am not sure what its status is. If we do not make
> it into this release, it will likely be a few weeks. We will let you
> know.
>
> Thanks again, and we will keep you updated!
Thanks!
julia
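The defect described in the exchange above (a memset whose third argument is `sizeof` a pointer rather than `sizeof` the structure it points to) is easy to demonstrate in isolation. The following is an added example and not code from libpurple or from either correspondent: `example_ctx` is a constructed stand-in for a cipher context, and the two wipe functions show the defective and corrected patterns side by side, measuring how many bytes survive each wipe.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a cipher context; NOT libpurple's own type. */
typedef struct {
    unsigned char key[32];
    unsigned char state[64];
    size_t len;
} example_ctx;

/* Count how many bytes of the structure are still non-zero. */
static size_t count_nonzero(const example_ctx *ctx) {
    const unsigned char *p = (const unsigned char *)ctx;
    size_t n = 0;
    for (size_t i = 0; i < sizeof(*ctx); i++)
        if (p[i] != 0)
            n++;
    return n;
}

/* Defective pattern from the report: sizeof(ctx) is the size of the
 * pointer (4 or 8 bytes), not of the structure it points to, so only the
 * first few bytes of the key are cleared and the rest of the secret
 * material is left behind in memory that is about to be freed. */
static void wipe_pointer_size(example_ctx *ctx) {
    memset(ctx, 0, sizeof(ctx));   /* BUG: sizeof of the pointer */
}

/* Corrected pattern: sizeof(*ctx) is the size of the pointed-to struct. */
static void wipe_struct_size(example_ctx *ctx) {
    memset(ctx, 0, sizeof(*ctx));
}

/* Allocate a context full of a marker byte (standing in for key material),
 * wipe it with the given function, and report how many bytes escaped. */
static size_t bytes_left_after(void (*wipe)(example_ctx *)) {
    example_ctx *ctx = malloc(sizeof(*ctx));
    if (ctx == NULL)
        return (size_t)-1;
    memset(ctx, 0xAB, sizeof(*ctx));   /* constructed "secret" contents */
    wipe(ctx);
    size_t left = count_nonzero(ctx);  /* read back before freeing */
    free(ctx);
    return left;
}

/* Bytes still non-zero after the defective wipe: struct size minus pointer size. */
size_t demo_buggy(void) { return bytes_left_after(wipe_pointer_size); }

/* Bytes still non-zero after the corrected wipe: zero. */
size_t demo_fixed(void) { return bytes_left_after(wipe_struct_size); }

int main(void) {
    printf("struct size: %zu bytes, pointer size: %zu bytes\n",
           sizeof(example_ctx), sizeof(example_ctx *));
    printf("bytes left after sizeof(ctx) wipe:  %zu\n", demo_buggy());
    printf("bytes left after sizeof(*ctx) wipe: %zu\n", demo_fixed());
    return 0;
}
```

On a 64-bit build the defective wipe leaves all but the first 8 bytes of the 104-byte structure intact. Two practitioner notes: gcc and clang report the literal `memset(ctx, 0, sizeof(ctx))` form under `-Wsizeof-pointer-memaccess` (enabled by `-Wall` in gcc), so building with warnings on catches this class of bug early; and even with the correct size, a memset immediately followed by free can be removed as a dead store by the optimizer, which is why `explicit_bzero` or C11 `memset_s` are preferred where available for clearing secrets.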