Possible null-pointer dereference in libpurple /protocols/yahoo/libymsg.c
John Bailey
rekkanoryo at rekkanoryo.org
Thu Feb 24 20:16:34 EST 2011
On 02/22/2011 10:46 PM, Marius Wachtler wrote:
> Hello
>
> I think I have found a remotely triggerable null-pointer dereference in libpurple.
> Maybe this is a false alert because I found the suspected code only by
> inspection and have not written any real app which tries to crash
> pidgin.
<snip>
> Hope this helps and I have not overlooked something and wasted your time.
Hello, Marius,

Thanks for this report! You have not overlooked anything that I can see. The
specific problem here is we assume that incoming packets will be properly
formed, containing all the expected (necessary) key/value pairs. I'm not sure
if it's actually possible to get a packet malformed in the way you describe to
pass through the server to a remote client. In the interest of safety, I will,
of course, investigate a fix for this.

Since this is something that isn't exactly high-visibility, I'd like to propose
that this vulnerability not be disclosed until 2011-03-10, when I plan to push
the release of Pidgin 2.7.11 with a fix to this issue.

Thanks,
John
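
The failure mode described in the message above, a handler that assumes every expected key/value pair arrived, shown with the missing check in place. This is an added C example, not libpurple code and not part of the original message; the key numbers, types, function name and sample packets are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical key numbers and types for this example only. */
enum { KEY_SENDER = 1, KEY_MESSAGE = 2 };
enum status { MSG_OK = 0, MSG_MISSING_FIELD = -1, MSG_TOO_LONG = -2 };
struct pair { int key; const char *value; };

/* Constructed sample packets: one complete, one missing KEY_SENDER. */
static const struct pair full_packet[]  = { {KEY_SENDER, "alice"}, {KEY_MESSAGE, "hi"} };
static const struct pair short_packet[] = { {KEY_MESSAGE, "hi"} };

/* Formats "sender: message" into out. Required fields start as NULL and
 * are checked before use, so a packet that omits one is rejected rather
 * than reaching strlen()/snprintf() with a NULL pointer. */
enum status handle_message(const struct pair *pairs, size_t n,
                           char *out, size_t outlen)
{
    const char *sender = NULL, *message = NULL;

    for (size_t i = 0; i < n; i++) {
        if (pairs[i].value == NULL)
            continue;                      /* pair carried no value */
        switch (pairs[i].key) {
        case KEY_SENDER:  sender  = pairs[i].value; break;
        case KEY_MESSAGE: message = pairs[i].value; break;
        default: break;                    /* unknown keys are ignored */
        }
    }

    /* Without this check, a missing key leaves its pointer NULL and the
     * strlen() below dereferences it. */
    if (sender == NULL || message == NULL)
        return MSG_MISSING_FIELD;
    if (strlen(sender) + strlen(message) + 3 > outlen)
        return MSG_TOO_LONG;

    snprintf(out, outlen, "%s: %s", sender, message);
    return MSG_OK;
}

int main(void)
{
    char buf[64];
    printf("%d\n", handle_message(full_packet, 2, buf, sizeof buf));
    printf("%d\n", handle_message(short_packet, 1, buf, sizeof buf));
    return 0;
}
```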