[Pidgin] #12989: two potential buffer overflows in zephyr
Pidgin
trac at pidgin.im
Thu Nov 25 23:22:18 EST 2010
#12989: two potential buffer overflows in zephyr
-----------------------------------+----------------------------------------
Reporter: underground-stockholm | Owner: seanegan
Type: defect | Status: new
Component: Zephyr | Version: 2.7.7
Keywords: crash buffer-overflow |
-----------------------------------+----------------------------------------
Hello,
I think I have found two potential buffer overflows in pidgin, where
it will write outside of allocated memory in certain cases.
Function zephyr_login() in libpurple/protocols/zephyr/zephyr.c (from
Monotone):

    tempstr = g_malloc0(20000);
    gchar* username = g_malloc0(100);

In both cases, there are no checks that the data copied will fit in
tempstr and username.
I have no idea if this is exploitable for code execution or just a
crash.
--
Frank | [http://underground-stockholm.com/ Underground Stockholm]
--
Ticket URL: <http://developer.pidgin.im/ticket/12989>
Pidgin <http://pidgin.im>
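
An added example, not part of the ticket or of Pidgin's code: a length-checked copy into a fixed-size heap buffer such as the 100-byte username buffer quoted above, which rejects oversized input instead of writing past the allocation. The helper names, the "user@realm" format and the use of calloc in place of g_malloc0 are assumptions; the ticket does not show the copy calls in zephyr_login().

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define USERNAME_CAP 100 /* size of the username buffer quoted in the ticket */

/* Copy src into dst, whose capacity is cap bytes including the NUL.
 * Returns 0 on success, -1 if src does not fit; on failure dst is left
 * as an empty string and nothing is written past dst[cap - 1]. */
int copy_checked(char *dst, size_t cap, const char *src)
{
    const char *end;
    if (dst == NULL || cap == 0) return -1;
    dst[0] = '\0';
    if (src == NULL) return -1;
    end = memchr(src, '\0', cap);   /* look at no more than cap bytes */
    if (end == NULL) return -1;     /* no terminator within cap: too long */
    memcpy(dst, src, (size_t)(end - src) + 1);
    return 0;
}

/* Hypothetical formatted case: build "user@realm" into a fixed buffer.
 * snprintf reports the length it needed, so truncation is detectable. */
int build_principal(char *dst, size_t cap, const char *user, const char *realm)
{
    int n;
    if (dst == NULL || cap == 0) return -1;
    n = snprintf(dst, cap, "%s@%s", user, realm);
    if (n < 0 || (size_t)n >= cap) {
        dst[0] = '\0';              /* do not leave a truncated value behind */
        return -1;
    }
    return 0;
}

int main(void)
{
    char *username = calloc(USERNAME_CAP, 1); /* stand-in for g_malloc0(100) */
    char long_name[300];                      /* constructed oversized input */
    if (username == NULL) return 1;
    memset(long_name, 'A', sizeof long_name - 1);
    long_name[sizeof long_name - 1] = '\0';
    printf("short input: %d\n", copy_checked(username, USERNAME_CAP, "frank"));
    printf("long input:  %d\n", copy_checked(username, USERNAME_CAP, long_name));
    free(username);
    return 0;
}
```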