Pidgin 2.10.7 - two issues

Elliott Sales de Andrade qulogic at pidgin.im
Fri Jul 26 18:22:43 EDT 2013


On 17 July 2013 18:05, Lukas Odzioba <lukas.odzioba at gmail.com> wrote:
> libpurple/protocols/msn/directconn.c:49 - reduced entropy
> static void msn_dc_calculate_nonce_hash(MsnDirectConnNonceType type,
> const guchar nonce[16], gchar nonce_hash[37]) {
>
> (...)
> purple_cipher_context_append(context, nonce, sizeof(nonce));
>
> Here sizeof(nonce) = size of a pointer, not 16 so we have 32 or 64
> bits of entropy used instead of expected 128.
>

This one has been fixed at some point after 2.10.7 to use the correct size.

> Lukas

-- 
Elliott aka QuLogic
Pidgin developer
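
The sizeof pitfall reported above, as an added example that is not Pidgin's code or the actual fix: struct sink and sink_append are hypothetical stand-ins for the cipher context, and the nonce bytes are constructed. The point it shows is that an array parameter decays to a pointer, so only 4 or 8 of the 16 nonce bytes reach the hash.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NONCE_LEN 16

/* Hypothetical stand-in for a hash context: records the bytes it was fed. */
struct sink {
    unsigned char buf[64];
    size_t len;
};

static void sink_append(struct sink *s, const unsigned char *data, size_t n)
{
    memcpy(s->buf + s->len, data, n);
    s->len += n;
}

/* GCC and Clang flag the next function with -Wsizeof-array-argument;
   silenced here only so the demonstration builds cleanly. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wsizeof-array-argument"
/* Pattern from the report: nonce[16] as a parameter is really a pointer. */
static size_t append_buggy(struct sink *s, const unsigned char nonce[NONCE_LEN])
{
    sink_append(s, nonce, sizeof(nonce));   /* sizeof(const unsigned char *) */
    return s->len;
}
#pragma GCC diagnostic pop

/* One way to correct it: pass the length explicitly instead of using sizeof. */
static size_t append_fixed(struct sink *s, const unsigned char nonce[NONCE_LEN])
{
    sink_append(s, nonce, NONCE_LEN);
    return s->len;
}

int main(void)
{
    unsigned char nonce[NONCE_LEN];
    struct sink a = {{0}, 0}, b = {{0}, 0};
    memset(nonce, 0xAB, sizeof(nonce));  /* constructed nonce; a real array, so 16 */
    printf("buggy hashed %zu bytes, fixed hashed %zu bytes\n",
           append_buggy(&a, nonce), append_fixed(&b, nonce));
    return 0;
}
```

Building code like this with -Wsizeof-array-argument left enabled (and promoted to an error in CI) catches the pattern at compile time.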

