Additional Security issues
mark at kingant.net
Thu Feb 7 02:19:07 EST 2013
On Wed, Feb 6, 2013 at 5:37 AM, Ethan Blanton <elb at pidgin.im> wrote:
> Mark Doliner spake unto us the following wisdom:
>> On Tue, Feb 5, 2013 at 2:11 PM, Daniel Atallah <daniel.atallah at gmail.com> wrote:
>> > * CID 732103 - Fix non-NUL terminated buffer during oscar direct
>> > connection negotiation.
>> > ** I think this one is pretty severe - my patch is certainly not ideal
>> This is bad and we should fix it (your patch seems ok to me), but I
>> don't think it's a security problem because the local user must have
>> agreed to join the Direct IM session with the remote user. I believe
>> we generally don't request CVE in cases like this.
> If it's just a crasher, I agree -- if it's (potentially) exploitable,
> though, I think it needs a CVE.
I think it's just a crasher. The bug is that we don't null-terminate
a buffer then pass it to purple_strcasestr() and
purple_markup_find_tag(). I don't think there's any opportunity for
someone to write outside of the buffer.
More information about the security