Pidgin denial of service with invalid gifs

Mark Doliner mark at kingant.net
Thu Jun 16 04:22:03 EDT 2011


How does the attached patch look to people?  The only really important
functions are the ones that take smileys and buddy icons from remote
users and display them.  We could change only those places... but I
think it's better to change all of them because:
1. It's less time consuming to change them all rather than try to
figure out which ones can be attacked by remote users
2. It's more conclusive to change them all rather than risk
potentially missing a case and having to go through the CVE process
again
3. If we ever copy/paste image loading code from somewhere it DOESN'T
matter to somewhere it DOES matter, we're safer this way
4. The extra log message when an image fails to load is nice.  It
might help us notice when we do dumb things like try to load an image
that doesn't exist

My patch adds helper functions for these functions:
* gdk_pixbuf_new_from_file
* gdk_pixbuf_new_from_file_at_size
* gdk_pixbuf_new_from_file_at_scale
* gdk_pixbuf_loader_write
* gdk_pixbuf_loader_close

The helper functions always pass in a GError and check the return
value.  They log a warning if the image couldn't be loaded.  I maybe
went a little overboard with this fix, and with my debug statements.
Anyone have an opinion on that?  Or see any problems with my patch?

--Mark
-------------- next part --------------
A non-text attachment was scrubbed...
Name: check_gdk_pixbuf_gerror.diff
Type: text/x-patch
Size: 31141 bytes
Desc: not available
URL: <http://pidgin.im/cgi-bin/mailman/private/security/attachments/20110616/6d8b8fed/attachment-0001.bin>
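
An added example, not part of the original message or of the attached patch: a self-contained C illustration of the checked-helper pattern described above, where every load passes an error object, both return values are tested, a warning is logged, and the caller gets NULL instead of a half-loaded image. The names `img_error`, `img_loader`, `loader_write`, `loader_close` and `load_image_checked` are hypothetical stand-ins that only mirror the boolean-plus-error call shape of `gdk_pixbuf_loader_write` and `gdk_pixbuf_loader_close`; the rejection rules and sample bytes are constructed.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins, NOT the GdkPixbuf API: same call shape only
 * (boolean result plus an error out-parameter). */
typedef struct { const char *message; } img_error;
typedef struct { unsigned width, height; bool complete; } img_loader;

/* Accept data only if it starts with a GIF signature followed by non-zero
 * logical screen dimensions (constructed rejection rules). */
static bool loader_write(img_loader *l, const unsigned char *buf, size_t len, img_error *err) {
    if (len < 10 || (memcmp(buf, "GIF87a", 6) != 0 && memcmp(buf, "GIF89a", 6) != 0)) {
        err->message = "not a GIF or truncated header";
        return false;
    }
    l->width  = buf[6] | (buf[7] << 8);   /* little-endian 16-bit fields */
    l->height = buf[8] | (buf[9] << 8);
    if (l->width == 0 || l->height == 0) { err->message = "zero-sized image"; return false; }
    l->complete = true;
    return true;
}

/* Finish loading; fails if no complete image was ever decoded. */
static bool loader_close(img_loader *l, img_error *err) {
    if (!l->complete) { err->message = "image data incomplete"; return false; }
    return true;
}

/* Checked helper: always supplies an error object, tests both results, logs a
 * warning, and returns NULL so callers never use a half-initialised image. */
static const img_loader *load_image_checked(img_loader *l, const unsigned char *buf, size_t len) {
    img_error err = { NULL };
    memset(l, 0, sizeof *l);
    if (!loader_write(l, buf, len, &err) || !loader_close(l, &err)) {
        fprintf(stderr, "warning: image failed to load: %s\n", err.message);
        return NULL;
    }
    return l;
}

/* Constructed sample header fragments: one valid, one with zero width. */
static const unsigned char good_gif[] = { 'G','I','F','8','9','a', 16,0, 16,0 };
static const unsigned char bad_gif[]  = { 'G','I','F','8','9','a', 0,0, 16,0 };

int main(void) {
    img_loader l;
    return (load_image_checked(&l, good_gif, sizeof good_gif) != NULL
         && load_image_checked(&l, bad_gif, sizeof bad_gif) == NULL) ? 0 : 1;
}
```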

