Buffer overflow in MXit image command

Mark Doliner mark at kingant.net
Sat Jun 30 23:31:34 EDT 2012


(The information contained in this email is sensitive--please do not
publicly disclose it until an agreed upon date!)

On Tue, May 29, 2012 at 7:28 AM, Ulf Härnhammar <ulfharn at gmail.com> wrote:
> Any news on this?

Hi Ulf,

I'm sorry we've been so unresponsive.  My only excuse is that we're
all busy people and working on Pidgin is often deprioritized behind
other life events.  We really are grateful that you reported this to
us privately--thank you!

I've forwarded the previous emails from this thread to the two
developers who own the MXit code and I've included them on this reply.

I've written and attached a patch that I believe fixes this problem.
I changed the code to allocate a buffer rather than use memory from
the stack.  This is of course less performant, but I suspect it
doesn't matter in this case.  Does this patch look good to people?
Andrew?  Pieter?

Assuming the patch is acceptable to everyone, I propose:
- An announcement and release embargo date of 2012-07-05 16:00 UTC
(9am PDT) (about five days from now).
- I'll build Pidgin 2.10.5 based on our 2.x.y branch and containing this patch.
- I'll email the patch and 2.10.5 tarballs to our packagers at pidgin.im
mailing list so that OS distributions can prepare their own updated
packages
- I'll request a CVE from the packagers at pidgin.im mailing list (Red
Hat has a few people on that list who can issue CVEs to us)

Does that sound ok to everyone?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fix_mxit_inline_image_buffer_overflow_v1.diff
Type: application/octet-stream
Size: 865 bytes
Desc: not available
URL: <http://pidgin.im/cgi-bin/mailman/private/security/attachments/20120630/ca66c490/attachment.obj>
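The fix described in the message above replaces a fixed-size stack buffer with a buffer allocated to fit the data. The following is an added illustration of that pattern, not the attached patch and not Pidgin's or MXit's code: it assumes a toy inline-image command of the form `<len>:<payload>`, where `len` is a sender-declared byte count, and the function name `example_decode_inline_image` and the wire format are constructed for this example. The point it shows is that allocating from the declared length only removes the overflow if that length is first checked against the bytes actually present in the message.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Constructed example: decode an inline-image command "<len>:<payload>".
 * Returns a heap buffer holding exactly len bytes of payload (caller frees)
 * and stores len in *out_len, or NULL if the header is malformed or the
 * declared length is not backed by data present in the message.
 *
 * The "before" pattern the email refers to would copy the payload into a
 * fixed-size array on the stack; any declared length larger than that array
 * writes past its end. Sizing the allocation from the validated length
 * removes that fixed limit, at the cost of a malloc per image.
 */
unsigned char *example_decode_inline_image(const char *msg, size_t msg_len,
                                           size_t *out_len)
{
    const char *colon = memchr(msg, ':', msg_len);
    if (colon == NULL || colon == msg)      /* no separator or empty length */
        return NULL;

    /* Parse the decimal length, never reading past the separator. */
    size_t declared = 0;
    for (const char *p = msg; p < colon; p++) {
        if (*p < '0' || *p > '9')
            return NULL;
        if (declared > (SIZE_MAX - 9) / 10) /* guard against integer wrap */
            return NULL;
        declared = declared * 10 + (size_t)(*p - '0');
    }

    /* The declared length must be backed by bytes actually received. */
    const char *payload = colon + 1;
    size_t available = msg_len - (size_t)(payload - msg);
    if (declared > available)
        return NULL;

    unsigned char *buf = malloc(declared ? declared : 1);
    if (buf == NULL)
        return NULL;
    memcpy(buf, payload, declared);
    *out_len = declared;
    return buf;
}

/* Returns 1 if a well-formed command decodes to the expected payload. */
int example_decode_ok(void)
{
    const char msg[] = "5:hello-trailing-data";  /* constructed input */
    size_t n = 0;
    unsigned char *img = example_decode_inline_image(msg, sizeof msg - 1, &n);
    int ok = (img != NULL && n == 5 && memcmp(img, "hello", 5) == 0);
    free(img);
    return ok;
}

/* Returns 1 if a declared length larger than the message is rejected
 * instead of being copied (the overflow case). */
int example_decode_rejects_oversized(void)
{
    const char msg[] = "4096:short";             /* constructed input */
    size_t n = 0;
    unsigned char *img = example_decode_inline_image(msg, sizeof msg - 1, &n);
    free(img);
    return img == NULL;
}

/* Returns 1 if a non-numeric length field is rejected. */
int example_decode_rejects_bad_length(void)
{
    const char msg[] = "12x:payload";            /* constructed input */
    size_t n = 0;
    unsigned char *img = example_decode_inline_image(msg, sizeof msg - 1, &n);
    free(img);
    return img == NULL;
}

int main(void)
{
    printf("well-formed decodes: %d\n", example_decode_ok());
    printf("oversized rejected:  %d\n", example_decode_rejects_oversized());
    printf("bad length rejected: %d\n", example_decode_rejects_bad_length());
    return 0;
}
```

The length check against `available` is the part that actually prevents a read or write past the data the peer sent; the heap allocation only removes the arbitrary fixed ceiling that the stack array imposed.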