[pidgin-security] possible segfault in perl wrapper

Tomasz Wasilczyk tomkiewicz at cpw.pidgin.im
Sun Apr 14 19:06:50 EDT 2013

2013/4/14 Mark Doliner <mark at kingant.net>:
>> by replacing sv_setpv with sv_setpvn
> I'm not super familiar with the perl/C API, but where would you do
> that?  The Network.c file is autogenerated.  Maybe you would need to
> add a PPCODE block to Network.xs?  Maybe just copy the autogenerated
> definition from Network.c to Network.xs and make this change?

I'll copy autogenerated code, clean it up and fix.

>> and removing it entirely from 3.0.0.
> I don't have a strong opinion either way, but if we remove it entirely
> it is possible that someone will add it back in the future and make
> this same mistake.

I've looked at this once more and I think that purple_network_ip_atoi
is totally useless. It returns an 4-byte array, instead of single
integer value. This format is used only for oscar protocol.

I suggest (for 3.0.0):
- removing purple_network_ip_atoi from network.c (and API) at all (and
replace its only usage with regexp check).
- removing it from perl API too
- putting it as static function to oscar's peer.c (the only sensible usage).


More information about the security mailing list