Remote crash
Ethan Blanton
elb at pidgin.im
Wed Jan 16 10:30:04 EST 2013
Daniel Atallah spake unto us the following wisdom:
> > I'm wondering if GtkIMHtml should filter stuff on the way through, in
> > Windows? It sounds like maybe that's not perfect protection (I assume
> > you'd just have to put such a string in an invite or similar), but
> > it'd avoid channel-clearing etc.
>
> Yes, I've been meaning to do something like this. I have an
> incomplete patch that sanitizes problematic characters out of strings
> (similar to what the plugin does).
> I was hoping for a more central location to do this rather than for
> GtkIMHtml, but that may not exist.

What about pidgin_utf8_salvage() and the associated conversion
functions? On Windows, those could perform another pass to sanitize
the string. It's ugly and kind of expensive, but maybe not as
crashy-crashy?

Ethan