remote crasher in the IRC WHO changes

Paul Aurich paul at darkrain42.org
Wed Jul 6 21:18:52 EDT 2011


And Ethan Blanton spoke on 07/06/2011 03:27 PM, saying:
> Exploiting this crasher (and I believe it is only a crasher; NULL
> pointer dereferences or invalid UTF-8 strings are the culprits)
> requires a complicit server for NULL pointer dereferences, but I
> believe can be triggered with bogus nicknames on some servers which
> allow non-ASCII nicks.  (This is #14341.)
> 
> A patch which I believe fixes the WHO parsing errors is available from:
> 
>     http://pidgin.im/~elb/private/irc_who_fix.diff
> 
> I suspect we want to embargo this for 2.9.1.
> 
> Paul, you seem to have reproduced the bug in #14341, can you try this
> patch and see if it fixes it?

Yes, though as best as I can tell, it's only a specific user in a room that
triggers it, so I have to wait for that person to show up before I can test it.

> 
> Ethan
> 

~Paul
