[pidgin-security] possible segfault in perl wrapper
Tomasz Wasilczyk
tomkiewicz at cpw.pidgin.im
Sun Apr 14 19:06:50 EDT 2013
2013/4/14 Mark Doliner <mark at kingant.net>:
>> by replacing sv_setpv with sv_setpvn
>
> I'm not super familiar with the perl/C API, but where would you do
> that? The Network.c file is autogenerated. Maybe you would need to
> add a PPCODE block to Network.xs? Maybe just copy the autogenerated
> definition from Network.c to Network.xs and make this change?
I'll copy autogenerated code, clean it up and fix.
>> and removing it entirely from 3.0.0.
>
> I don't have a strong opinion either way, but if we remove it entirely
> it is possible that someone will add it back in the future and make
> this same mistake.
I've looked at this once more and I think that purple_network_ip_atoi
is totally useless. It returns an 4-byte array, instead of single
integer value. This format is used only for oscar protocol.
I suggest (for 3.0.0):
- removing purple_network_ip_atoi from network.c (and API) at all (and
replace its only usage with regexp check).
- removing it from perl API too
- putting it as static function to oscar's peer.c (the only sensible usage).
Tomek
More information about the security
mailing list