(Possible) Null pointer deref in oscar protocol may cause pidgin to crash

Mark Doliner mark at kingant.net
Mon Apr 16 02:52:05 EDT 2012


On Sun, Apr 15, 2012 at 6:50 PM, Elliott Sales de Andrade
<qulogic at pidgin.im> wrote:
> On Mon, Mar 26, 2012 at 1:42 AM, Huzaifa Sidhpurwala <huzaifas at redhat.com>
> wrote:
>> 1358         if (!od || !(conn = flap_connection_findbygroup(od,
>> SNAC_FAMILY_LOCATE)))
>>
>> Here on line 1350 od is referenced and then later at 1358 od is checked
>> if it's null,
>
> This check does seem to be incorrect.

I agree.

> either the check is spurious or there are more callers
> that need to check `od`

I believe the check is spurious.  "od" is a pretty fundamental data
structure in the oscar prpl.  It's one of the first things created
when an oscar account connects, and it's one of the last things
destroyed when an oscar account is connected.  I believe the code as
currently written guarantees that this function won't be called with a
null od.  I removed the check from our main development branch.

Thanks for reporting this confidentially, Huzaifa!  Luckily it looks
like this time the issue was severe.
--Mark
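As an added illustration (not Pidgin's own code), the check-after-use pattern from the report beside the two ways of resolving it; the struct and function names are hypothetical stand-ins for od and flap_connection_findbygroup():

```c
/* Added example, not Pidgin code: the deref-then-NULL-check pattern from the
 * report and two fixes. oscar_data / find_locate_conn are hypothetical stand-ins
 * for od and flap_connection_findbygroup(od, SNAC_FAMILY_LOCATE). */
#include <assert.h>
#include <stddef.h>

typedef struct { int locate_conn_ready; int sent; } oscar_data;

/* Stand-in for the connection lookup; returns non-zero when a LOCATE conn exists. */
static int find_locate_conn(const oscar_data *od) { return od->locate_conn_ready; }

/* Pattern reported on the list: od is dereferenced first ("line 1350"), and only
 * afterwards tested for NULL ("line 1358"). A NULL od has already crashed by then,
 * and an optimizing compiler may drop the !od test entirely, since od was used. */
int send_locate_buggy(oscar_data *od) {
    int ready = od->locate_conn_ready;            /* use before check */
    if (!od || !find_locate_conn(od))             /* dead check */
        return -1;
    od->sent += ready;
    return 0;
}

/* Option A: keep the check, but place it before every use of od. */
int send_locate_checked(oscar_data *od) {
    if (!od || !find_locate_conn(od))
        return -1;
    od->sent += od->locate_conn_ready;
    return 0;
}

/* Option B (what the thread chose): a non-NULL od is a caller invariant, so the
 * spurious check goes away; an assert documents the precondition and fails loudly
 * in debug builds instead of silently relying on it. */
int send_locate_invariant(oscar_data *od) {
    assert(od != NULL);                           /* invariant, not input validation */
    if (!find_locate_conn(od))
        return -1;
    od->sent += od->locate_conn_ready;
    return 0;
}
```

Option A is the right choice only if a caller can legitimately pass NULL; when the invariant truly holds, Option B removes a check that misleads both readers and static analyzers.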

