[Pidgin] #6246: MSN receive crash fix after failed file open
Pidgin
trac at pidgin.im
Fri Jul 4 09:07:54 EDT 2008
#6246: MSN receive crash fix after failed file open
--------------------+-------------------------------------------------------
Reporter: sbrabec | Owner: khc
Type: defect | Status: new
Priority: minor | Component: MSN
Version: 2.4.3 | Keywords: file transfer
Pending: 0 |
--------------------+-------------------------------------------------------
File receive in msn_slplink_process_msg() calls purple_xfer_start() and
then it copies dest_fp to a private structure without checking.
In case, if destination file open fails for any reason, the whole xfer
structure was already unref'ed in purple_xfer_cancel_local().
Attached patch fixes only the crash on the receiving side and not other
aspects of this error:
- Sending side thinks, that transfer succeeded.
- Creating a private copy of the file descriptor may be sub-optimal -
libpurple provides its own file writing callback.
References:
CVE-2008-2955
BUGTRAQ:20080626 Pidgin 2.4.1 Vulnerability
FRSIRT:ADV-2008-1947
SECUNIA:30881
--
Ticket URL: <http://developer.pidgin.im/ticket/6246>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list