[pidgin-security] possible segfault in perl wrapper

Mark Doliner mark at kingant.net
Sun Apr 14 16:35:14 EDT 2013

On Sun, Apr 14, 2013 at 5:27 AM, Tomasz Wasilczyk
<tomkiewicz at cpw.pidgin.im> wrote:
> Anyway, I see no real possibility to exploit this. I propose simply
> patching it without "security" tag

This sounds good to me.

> by replacing sv_setpv with sv_setpvn

I'm not super familiar with the perl/C API, but where would you do
that?  The Network.c file is autogenerated.  Maybe you would need to
add a PPCODE block to Network.xs?  Maybe just copy the autogenerated
definition from Network.c to Network.xs and make this change?

> and removing it entirely from 3.0.0.

I don't have a strong opinion either way, but if we remove it entirely
it is possible that someone will add it back in the future and make
this same mistake.

More information about the security mailing list