Pidgin 2.10.7 - two issues

Eion Robb eion at robbmob.com
Wed Jul 17 19:06:42 EDT 2013


Looking at the docs for wcstombs() that looks valid, as the 3rd parameter
(number of bytes to write) is 0.  That line of code appears to just be used
to work out the length of the string.

I'm not familiar enough with MSN to know how that works, but I wouldn't be
surprised if 16 bytes of entropy is what's required as part of the protocol :)


On 18 July 2013 10:05, Lukas Odzioba <lukas.odzioba at gmail.com> wrote:

> Hi!
> I found two interesting (I hope) things in Pidgin 2.10.7 sources.
>
> finch/libgnt/gntwm.c: 997: - null pointer dereference
> len = wcstombs(NULL, wide, 0) + 1;
>
> First arg should not be NULL it is "dest".
>
> libpurple/protocols/msn/directconn.c:49 - reduced entropy
> static void msn_dc_calculate_nonce_hash(MsnDirectConnNonceType type,
> const guchar nonce[16], gchar nonce_hash[37]) {
>
> (...)
> purple_cipher_context_append(context, nonce, sizeof(nonce));
>
> Here sizeof(nonce) = size of a pointer, not 16 so we have 32 or 64
> bits of entropy used instead of expected 128.
>
> Lukas
>
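The two C behaviours discussed in this thread, as an added example that is not part of either message or of the Pidgin source: `sizeof` applied to an array-typed parameter, and the POSIX `wcstombs()` length query with a NULL destination. FNV-1a stands in for the cipher context, and all function names and sample nonces are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <wchar.h>

#define NONCE_LEN 16

/* FNV-1a: stand-in (assumption) for the cipher context the nonce is appended to. */
static uint64_t fnv1a(const unsigned char *p, size_t n) {
    uint64_t h = 14695981039346656037ULL;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 1099511628211ULL; }
    return h;
}

/* A parameter declared `const guchar nonce[16]` has type `const guchar *`,
 * so sizeof(nonce) is the pointer size (4 or 8), as in the reported line. */
static uint64_t hash_nonce_reported(const unsigned char *nonce) {
    return fnv1a(nonce, sizeof(nonce));
}

/* Pass the length explicitly so all 16 bytes are covered. */
static uint64_t hash_nonce_full(const unsigned char *nonce) {
    return fnv1a(nonce, NONCE_LEN);
}

/* Returns 1 if two nonces differing only in their last byte hash identically. */
static int last_byte_ignored(uint64_t (*hash)(const unsigned char *)) {
    unsigned char a[NONCE_LEN] = {0}, b[NONCE_LEN] = {0};
    b[NONCE_LEN - 1] = 0xFF;   /* constructed sample nonces */
    return hash(a) == hash(b);
}

/* POSIX: with a NULL destination wcstombs() writes nothing and returns the
 * byte count needed (excluding the terminator), or (size_t)-1 on failure. */
static size_t mb_buffer_size(const wchar_t *wide) {
    size_t n = wcstombs(NULL, wide, 0);
    return n == (size_t)-1 ? 0 : n + 1;   /* 0 signals "cannot convert" */
}

int main(void) {
    printf("reported form ignores last byte: %d\n", last_byte_ignored(hash_nonce_reported));
    printf("explicit length ignores last byte: %d\n", last_byte_ignored(hash_nonce_full));
    printf("buffer for L\"finch\": %zu bytes\n", mb_buffer_size(L"finch"));
    return 0;
}
```

Compilers can flag the first pattern: GCC and Clang both provide `-Wsizeof-array-argument` for `sizeof` applied to a parameter declared as an array.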