MXit security flaws
Mark Doliner
mark at kingant.net
Tue Jan 29 14:13:16 EST 2013
On Tue, Jan 29, 2013 at 4:47 AM, Andrew Victor <Andrew.Victor at mxit.com> wrote:
>>>> CID 732102: (This is the most critical one)
>>>
>>> Definitely a valid issue that needs fixing, and as you pointed out a
>>> possible buffer overrun.
>
>> Eek. I took a stab at fixing this.
>
> Pieter Loubser sent through a patch about two weeks ago, but I see now it
> was only sent to Daniel.
>
> I have attached the patch.
> It's a minimally invasive change since we were also hoping to replace all
> that code in 3.0.0 with the new standard HTTP client code.
This looks good to me. I'll use this when I eventually make the build.
> For testing just note you need to enable "Connect via HTTP" option in the
> Account -> Advanced tab. HTTP is not the default connection method.
Ok, thanks.
>>>> CID 732105:
>>>> * Copy into fixed size buffer. In mxit_encrypt_password: A source
>>>> buffer of statically unknown size is copied into a fixed-size
>>>> destination buffer
>> This wasn't a security problem, right? As in, it wasn't possible for
>> a remote user or remote server to cause this field to overflow, right?
>
> This looks like a potential buffer overflow if the user entered a too long
> (> 57 character) password.
Right, so a Pidgin user could crash himself, but there's no danger of
a remote-user triggering this crash in a local Pidgin instance.
> When do you plan to make the 2.10.7 release?
I'm thinking maybe 2 weeks from now? We still need to fix another
issue, then notify Linux distributions and give them time to build
patched packages.
More information about the security
mailing list