Remote crash

Ethan Blanton elb at
Wed Jan 16 10:30:04 EST 2013

Daniel Atallah spake unto us the following wisdom:
> > I'm wondering if GtkIMHtml should filter stuff on the way through, in
> > Windows?  It sounds like maybe that's not perfect protection (I assume
> > you'd just have to put such a string in an invite or similar), but
> > it'd avoid channel-clearing etc.
> Yes, I've been meaning to do something like this.  I have an
> incomplete patch that sanitizes problematic characters out of strings
> (similar to what the plugin does).
> I was hoping for a more central location to do this rather than for
> GtkIMHtml, but that may not exist.

What about pidgin_utf8_salvage() and the associated conversion
functions?  On Windows, those could perform another pass to sanitize
the string.  It's ugly and kind of expensive, but maybe not as


More information about the security mailing list