(Possible) Null pointer deref in oscar protocol may cause pidgin to crash

Huzaifa Sidhpurwala huzaifas at redhat.com
Tue Apr 17 05:05:14 EDT 2012


On 04/16/2012 12:22 PM, Mark Doliner wrote:

> Thanks for reporting this confidentially, Huzaifa!  Luckily it looks
> like this time the issue was severe.


Thanks for looking into this. I found one more null pointer deref;
again, not sure if it's exploitable.

In pidgin-2.10.2/libpurple/protocols/silc/ft.c:219


212 static void
213 silcpurple_ftp_request_result(PurpleXfer *x)
214 {
215         SilcPurpleXfer xfer = x->data;
216         SilcClientFileError status;
217         PurpleConnection *gc = xfer->sg->gc;
218         SilcClientConnectionParams params;
219         gboolean local = xfer->hostname ? FALSE : TRUE;
220         char *local_ip = NULL, *remote_ip = NULL;
221         SilcSocket sock;
222
223         if (purple_xfer_get_status(x) != PURPLE_XFER_STATUS_ACCEPTED)
224                 return;
225         if (!xfer)
226                 return;

Here again xfer is referenced and then checked if it's NULL in line 225.



-- 
Huzaifa Sidhpurwala / Red Hat Security Response Team
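
The ordering problem described in the message above, shown with the check moved ahead of the first use. This is an added example, not part of the original e-mail and not Pidgin's code or its eventual fix; the struct, enum and function names are hypothetical stand-ins that model only the fields the quoted lines touch.

```c
#include <stddef.h>

/* Hypothetical stand-ins for the libpurple/SILC types; only the fields
 * used by the quoted lines are modelled. */
enum xfer_status { STATUS_UNKNOWN, STATUS_ACCEPTED };

struct conn { int id; };
struct silc_account { struct conn *gc; };
struct silc_xfer {
    struct silc_account *sg;
    const char *hostname;
};
struct purple_xfer {
    enum xfer_status status;
    void *data;               /* may be NULL */
};

enum result { NOT_ACCEPTED = -1, NO_XFER_DATA = -2, REMOTE = 0, LOCAL = 1 };

/* Same logic as the quoted function, with the NULL test placed before
 * every use of xfer. In the quoted order the initialisers on lines 217
 * and 219 run first, so a NULL x->data faults before line 225 is reached;
 * and because dereferencing NULL is undefined behaviour, an optimising
 * compiler may also discard the late check altogether. */
enum result request_result_checked(struct purple_xfer *x, struct conn **gc_out)
{
    struct silc_xfer *xfer = x->data;   /* copying the pointer is safe */
    struct conn *gc;
    int local;

    if (x->status != STATUS_ACCEPTED)
        return NOT_ACCEPTED;
    if (!xfer)
        return NO_XFER_DATA;

    /* The first dereferences happen only after the check. */
    gc = xfer->sg->gc;
    local = xfer->hostname ? 0 : 1;

    *gc_out = gc;
    return local ? LOCAL : REMOTE;
}
```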

