Possible null pointer dereference in msn httpconn.c

Marius Wachtler undingen at gmail.com
Tue Mar 22 20:26:06 EDT 2011


Hello again

I think there is another null pointer dereference, this time in the
msn protocol. (pidgin 2.7.11 but also in trunk)

File: libpurple/protocols/msn/httpconn.c
Function: msn_httpconn_parse_data()

If there is no SessionID key val pair the variable "full_session_id"
will be null,
but on line 220 strchr() will get called...

>>t = strchr(full_session_id, '.');

This will crash at least on my Linux machine.

I think this can only be triggered by a malicious server therefore
this should not have big consequences.

-- Marius Wachtler

