Possible null pointer dereference in msn httpconn.c
Marius Wachtler
undingen at gmail.com
Tue Mar 22 20:26:06 EDT 2011
Hello again
I think there is another null pointer dereference, this time in the
msn protocol. (pidgin 2.7.11 but also in trunk)
File: libpurple/protocols/msn/httpconn.c
Function: msn_httpconn_parse_data()
If there is no SessionID key val pair the variable "full_session_id"
will be null,
but on line 220 strchr() will get called...
>>t = strchr(full_session_id, '.');
This will crash at least on my Linux machine.
I think this can only be triggered by a malicious server, therefore
this should not have big consequences.
-- Marius Wachtler
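
The missing check described in this report, as an added example that is not part of the original post and not Pidgin's code: a hypothetical parser that returns an error instead of passing a NULL `full_session_id` to `strchr()`. The helper names `get_value` and `split_session_id`, the `;`-separated header layout, and the sample strings are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: copy the value of "key=" from a ';'-separated
 * header into out. Returns out, or NULL when the key is absent. */
static char *get_value(const char *hdr, const char *key, char *out, size_t len)
{
    size_t klen = strlen(key);
    for (const char *p = hdr; p != NULL && *p != '\0'; p = strchr(p, ';')) {
        while (*p == ' ' || *p == ';')
            p++;
        if (strncmp(p, key, klen) == 0 && p[klen] == '=') {
            size_t n = strcspn(p + klen + 1, ";");
            if (n >= len)
                return NULL;              /* oversized value: reject */
            memcpy(out, p + klen + 1, n);
            out[n] = '\0';
            return out;
        }
    }
    return NULL;
}

/* Split the SessionID value at its first '.', but refuse to call strchr()
 * on a missing value. Writes the part before the '.' (an illustrative
 * choice) to head. Returns 0 on success, -1 when there is no SessionID. */
static int split_session_id(const char *hdr, char *head, size_t len)
{
    char buf[128];
    const char *full_session_id = get_value(hdr, "SessionID", buf, sizeof buf);
    if (full_session_id == NULL)          /* the case the report describes */
        return -1;
    const char *t = strchr(full_session_id, '.');
    size_t n = t ? (size_t)(t - full_session_id) : strlen(full_session_id);
    if (n >= len)
        return -1;
    memcpy(head, full_session_id, n);
    head[n] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed header values, not captured traffic. */
    const char *samples[] = { "SessionID=1234.5678; Other=x", "Other=x", "" };
    char head[64];
    for (size_t i = 0; i < 3; i++)
        printf("%s\n", split_session_id(samples[i], head, sizeof head) == 0
                           ? head : "rejected: no SessionID");
    return 0;
}
```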