[pidgin-security] possible segfault in perl wrapper
Mark Doliner
mark at kingant.net
Sun Apr 14 16:35:14 EDT 2013
On Sun, Apr 14, 2013 at 5:27 AM, Tomasz Wasilczyk
<tomkiewicz at cpw.pidgin.im> wrote:
> Anyway, I see no real possibility to exploit this. I propose simply
> patching it without "security" tag
This sounds good to me.
> by replacing sv_setpv with sv_setpvn
I'm not super familiar with the perl/C API, but where would you do
that? The Network.c file is autogenerated. Maybe you would need to
add a PPCODE block to Network.xs? Maybe just copy the autogenerated
definition from Network.c to Network.xs and make this change?
> and removing it entirely from 3.0.0.
I don't have a strong opinion either way, but if we remove it entirely
it is possible that someone will add it back in the future and make
this same mistake.
More information about the security
mailing list