Buffer overflow in MXit image command

[Pieter Loubser]

Hi Mark and Ulf,



On Sat, 2012-06-30 at 20:31 -0700, Mark Doliner wrote:
> (The information contained in this email is sensitive--please do not
> publicly disclose it until an agreed upon date!)
> 
> On Tue, May 29, 2012 at 7:28 AM, Ulf Härnhammar <ulfharn at gmail.com> wrote:
> > Any news on this?
> 
> Hi Ulf,
> 
> I'm sorry we've been so unresponsive.  My only excuse is that we're
> all busy people and working on Pidgin is often deprioritized behind
> other life events.  We really are grateful that you reported this to
> us privately--thank you!


Thank you Ulf and Mark for letting us know about this security issue
within the Mxit plugin code, its much appreciated!



> I've forwarded the previous emails from this thread to the two
> developers who own the MXit code and I've included them on this reply.
> 
> I've written and attached a patch that I believe fixes this problem.
> I changed the code to allocate a buffer rather than used memory from
> the stack.  This is of course less performant, but I suspect it
> doesn't matter in this case.  Does this patch look good to people?
> Andrew?  Pieter?


We are happy with your suggested patch, so yes you can please use it to
make the fix.



> Assuming the patch is acceptable to everyone, I propose:
> - An announcement and release embargo date of 2012-07-05 16:00 UTC
> (9am PDT) (about five days from now).
> - I'll build Pidgin 2.10.5 based on our 2.x.y branch and containing this patch.
> - I'll email the patch and 2.10.5 tarballs to our packagers at pidgin.im
> mailing list so that OS distributions can prepare their own updated
> packages
> - I'll request a CVE from the packagers at pidgin.im mailing list (Red
> Hat has a few people on that list who can issue CVEs to us)
> 
> Does that sound ok to everyone?


Thanks for the effort Mark. Your plan sounds good to us. Lets get it
done, and please keep us informed of the progress.



Kind regards,

Pieter