Security Bug due to Unchecked use of GnuTLS function

Yuan Jochen Kang yjk2106 at
Sun Apr 10 19:20:32 EDT 2016

Dear Pidgin developers,

We are security researchers at Columbia University and the University of
Virginia. As part of a research project, we have built a tool for
automatically finding error handling bugs and are testing it on various
cryptographic libraries and applications that use them.

We discovered that failures of gnutls_x509_crt_init are sometimes ignored,
which could make the resulting certificate invalid.

Please let us know how you intend to address the following issue:

libpurple/plugins/ssl/ssl-gnutls.c, line 688:
static PurpleCertificate *
x509_import_from_datum(const gnutls_datum_t dt, gnutls_x509_crt_fmt_t mode)

Thank you,
Yuan Kang
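
The bug class reported above, as an added example that is not part of the original message and is not Pidgin or GnuTLS code: an initializer's status is dropped, so a failed init is reported as success. The demo_* functions, status values and fault-injection flag are constructed stand-ins (assumptions) so the failure can be triggered offline.

```c
#include <stdio.h>
#include <stdlib.h>
/* Stand-ins, NOT the GnuTLS API: an init call that returns 0 or a negative
 * status and leaves *out unset on failure. Names and values are constructed. */
typedef struct { int parsed; } demo_crt;
enum { DEMO_E_INIT = -1, DEMO_E_BAD_ARG = -2 };
static int demo_fail_init;  /* fault injection: non-zero makes init fail */
static int demo_crt_init(demo_crt **out) {
    if (demo_fail_init) return DEMO_E_INIT;
    *out = calloc(1, sizeof **out);
    return *out ? 0 : DEMO_E_INIT;
}
static int demo_crt_import(demo_crt *c, const char *buf, size_t len) {
    if (!c || !buf || len == 0) return DEMO_E_BAD_ARG;
    c->parsed = 1;
    return 0;
}
static void demo_crt_deinit(demo_crt *c) { free(c); }

/* Unchecked: the init status is dropped (and the import status with it), so
 * the caller is told the import succeeded and receives an unset handle. */
static int import_unchecked(const char *buf, size_t len, demo_crt **out) {
    *out = NULL;
    (void)demo_crt_init(out);
    (void)demo_crt_import(*out, buf, len);
    return 0;
}

/* Checked: every status is tested, the handle is freed if import fails, and
 * *out is set only for a fully imported certificate. */
static int import_checked(const char *buf, size_t len, demo_crt **out) {
    demo_crt *c = NULL;
    int rc;
    *out = NULL;
    if ((rc = demo_crt_init(&c)) != 0) return rc;
    if ((rc = demo_crt_import(c, buf, len)) != 0) { demo_crt_deinit(c); return rc; }
    *out = c;
    return 0;
}

int main(void) {
    demo_crt *c = NULL;
    demo_fail_init = 1;  /* simulate the init failure */
    int rc = import_unchecked("x", 1, &c);
    printf("unchecked: rc=%d handle=%p\n", rc, (void *)c);
    rc = import_checked("x", 1, &c);
    printf("checked:   rc=%d handle=%p\n", rc, (void *)c);
    return 0;
}
```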