(Possible) Null pointer deref in oscar protocol may cause pidgin to crash
Huzaifa Sidhpurwala
huzaifas at redhat.com
Mon Mar 26 01:42:43 EDT 2012
Hi Folks,
I was looking through pidgin (2.10-2) code and I found a possible null
pointer deref, not sure if it can be reached via malicious input, but
it does seem likely to me,
In oscar/family_locate.c:1347
1347 aim_locate_setcaps(OscarData *od, guint64 caps)
1348 {
1349     FlapConnection *conn;
1350     PurpleAccount *account = purple_connection_get_account(od->gc);
...
...
1358     if (!od || !(conn = flap_connection_findbygroup(od, SNAC_FAMILY_LOCATE)))
1359         return -EINVAL;
Here on line 1350 od is referenced and then later at 1358 od is checked
if it's null,
Looking at the callers of aim_locate_setcaps, there seems to be a
possibility that "od" can be actually NULL, if this is the case,
it will cause pidgin to crash.
thanks!
--
Huzaifa Sidhpurwala / Red Hat Security Response Team
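
The ordering problem described in the message above, reduced to a self-contained C example that is added here and is not part of the original post or of Pidgin's source. Session, Connection, Account and the function names are hypothetical stand-ins for OscarData, PurpleConnection, PurpleAccount and aim_locate_setcaps.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for OscarData, PurpleConnection and PurpleAccount;
 * these are not Pidgin's definitions. */
typedef struct { const char *name; } Account;
typedef struct { Account *account; } Connection;
typedef struct { Connection *gc; int has_locate_conn; } Session;

static Account *get_account(Connection *gc)
{
    return gc ? gc->account : NULL;
}

/* Ordering from the report: od->gc is read in the initializer, so the
 * later !od test cannot protect it. Calling this with od == NULL is
 * undefined behaviour (in practice a crash), and an optimizing compiler
 * may drop the !od test because the earlier read implies od != NULL. */
int setcaps_deref_first(Session *od)
{
    Account *account = get_account(od->gc);

    if (!od || !od->has_locate_conn)
        return -EINVAL;
    return account ? 0 : -EINVAL;
}

/* Corrected ordering: validate od, then touch its members. */
int setcaps_check_first(Session *od)
{
    Account *account;

    if (!od || !od->has_locate_conn)
        return -EINVAL;
    account = get_account(od->gc);
    return account ? 0 : -EINVAL;
}

int main(void)
{
    Account acct = { "constructed-account" };   /* constructed sample data */
    Connection gc = { &acct };
    Session ok = { &gc, 1 };

    printf("valid session: %d\n", setcaps_check_first(&ok));
    printf("NULL session:  %d\n", setcaps_check_first(NULL));
    return 0;
}
```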