Pidgin / lib purple XMPP remote crash

Paul Aurich darkrain42 at pidgin.im
Fri Apr 20 01:20:37 EDT 2012



Elliott: Thanks for the nudge
José: Thank you for the excellent report (effusive praise incoming)

So, I think you've identified something which has been bugging (pun
intended) me for a while via various folks, and which I've never been
able to reproduce (and code inspection repeatedly indicated it shouldn't
be possible).  So I'm gleeful right now, despite this being a remote crasher.

And José Valentín Gutierrez Boquete spoke on 04/15/2012 11:40 PM, saying:
> On Mon, Apr 9, 2012 at 2:19 PM, jv.gutierrezb at gmail.com wrote:
> 
> After the stream host #3 is used to transfer successfully the file and
> jsx freed, jabber_si_bytestreams_connect_cb is invoked to inform of
> the timeout of stream host #1 and tries to use jsx, but jsx is
> pointing to NULL.

I think the attached patch should fix this, though I am not actually
seeing crashes (without my fixes in, I just get the "Data has gone out of
scope :(" error).  Unless I'm missing something, the only way this would
crash is if there is a valid PurpleProxyConnectData that was allocated at
the same address at the time the socket timeout (from the OS) is triggered.

If you have the capability to build WinPidgin (or can test on a Linux
system), would you mind testing the patch?  (If you don't have a build
environment, I think one of our developers with such could build up a new
.dll)

There's some added diagnostic logging in here -- if the patch doesn't fix
it, I have a more detailed patch (been sitting in my working tree for a
while) I can provide.


> Mitre has assigned the CVE 2012-2214 to this bug. The bug isn't public
> and I'll only make it public after the bug is fixed.

As Elliott noted, it's already ~public.  I am nearly positive there are a
number of other instances of this crash on trac.

> Regards, José Valentín Gutiérrez -- Elliott aka QuLogic Pidgin
> developer

Cheers,
--
Paul Aurich
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cve-2012-2144-proxy.c.patch
Type: text/x-patch
Size: 2650 bytes
Desc: not available
URL: <http://pidgin.im/cgi-bin/mailman/private/security/attachments/20120419/667a3d4f/attachment.bin>
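The sequence José describes (stream host #3 succeeds, jsx is freed, then the OS timeout for stream host #1 fires a callback that still holds jsx) and the cancel-on-free shape of a fix, as an added C model that is not the attached patch or Pidgin's code. Jsx, ConnectData, proxy_connect, proxy_connect_cancel, proxy_event and run_scenario are hypothetical stand-ins for the jsx state and the libpurple proxy API, assumed for the illustration.

```c
#include <stdlib.h>
#define MAX_HOSTS 3
typedef struct Jsx Jsx;
/* Hypothetical stand-in for PurpleProxyConnectData: one in-flight attempt to a
 * stream host, owned by the simulated proxy layer until it fires or is cancelled. */
typedef struct { int host; Jsx *jsx; } ConnectData;
/* Hypothetical stand-in for the per-transfer jsx state; it remembers every
 * attempt it started so that freeing it can cancel the ones still pending. */
struct Jsx { ConnectData *attempts[MAX_HOSTS]; int transferred; };
static ConnectData *registry[MAX_HOSTS]; /* proxy layer's table of live attempts */
static int callbacks_fired;
static void free_jsx(Jsx *jsx);
/* Simulated purple_proxy_connect(): register an attempt whose callback fires later. */
static ConnectData *proxy_connect(Jsx *jsx, int host) {
    ConnectData *cd = malloc(sizeof *cd);
    cd->host = host; cd->jsx = jsx;
    return registry[host] = cd;
}
/* Simulated purple_proxy_connect_cancel(): the proxy layer forgets the attempt,
 * so its callback can never run against a context that no longer exists. */
static void proxy_connect_cancel(ConnectData *cd) { registry[cd->host] = NULL; free(cd); }
/* Modelled on jabber_si_bytestreams_connect_cb: source >= 0 is a connected socket, -1 a timeout. */
static void connect_cb(ConnectData *cd, int source) {
    Jsx *jsx = cd->jsx; callbacks_fired++;
    registry[cd->host] = NULL;       /* this attempt is finished: unregister it    */
    jsx->attempts[cd->host] = NULL;  /* ...before free_jsx() could try to cancel it */
    if (source >= 0) { jsx->transferred = 1; free_jsx(jsx); }
    free(cd);
}
/* The fix: freeing the transfer context cancels every outstanding attempt first. */
static void free_jsx(Jsx *jsx) {
    for (int i = 0; i < MAX_HOSTS; i++)
        if (jsx->attempts[i]) proxy_connect_cancel(jsx->attempts[i]);
    free(jsx);
}
/* Simulated OS event for `host`: 1 if a callback ran, 0 if the attempt was cancelled. */
static int proxy_event(int host, int source) {
    ConnectData *cd = registry[host];
    if (!cd) return 0;
    connect_cb(cd, source);
    return 1;
}
/* The sequence from the report: host #3 succeeds and jsx is freed, then host #1 times out. */
int run_scenario(void) {
    Jsx *jsx = calloc(1, sizeof *jsx);
    callbacks_fired = 0;
    for (int i = 0; i < MAX_HOSTS; i++) jsx->attempts[i] = proxy_connect(jsx, i);
    proxy_event(2, 7);         /* stream host #3 connects; transfer completes; jsx freed */
    return proxy_event(0, -1); /* stream host #1's timeout afterwards: a safe no-op */
}
```

Without the cancellation loop in free_jsx(), the second proxy_event() would hand the freed jsx to connect_cb(), which is the path the report describes; with it, the late timeout finds no registered attempt and nothing runs.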