Additional Security issues
Daniel Atallah
daniel.atallah at gmail.com
Tue Feb 5 17:11:10 EST 2013
Folks,
There are a number of additional issues that I'm aware of (and have
something of a patch to address).
I think I had eluded to these in my previous email about the coverity analysis.
* CID 732103 - Fix non-NUL terminated buffer during oscar direct
connection negotiation.
** I think this one is pretty severe - my patch is certainly not ideal
* CID 731954, 731953, 731952, 731951, 731950 UPnP buffer overflows
** This is pretty severe too the particular concerning value here is
line 790 - setting the IP from the http response
* CID 731949 - normalizing a really long sametime username overflows buffer
** Not sure if this is possible to trigger over the wire - I'm not
familiar enough with sametime
I meant to send these out a while ago, but didn't get to it. Sorry about that.
-D
-------------- next part --------------
A non-text attachment was scrubbed...
Name: CID732103.patch
Type: application/octet-stream
Size: 1008 bytes
Desc: not available
URL: <http://pidgin.im/cgi-bin/mailman/private/security/attachments/20130205/3c5ab934/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: UPnP.patch
Type: application/octet-stream
Size: 2471 bytes
Desc: not available
URL: <http://pidgin.im/cgi-bin/mailman/private/security/attachments/20130205/3c5ab934/attachment-0001.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: CID731949.patch
Type: application/octet-stream
Size: 637 bytes
Desc: not available
URL: <http://pidgin.im/cgi-bin/mailman/private/security/attachments/20130205/3c5ab934/attachment-0002.obj>
More information about the security
mailing list