[Pidgin] #15289: exchndl.dll issues
Pidgin
trac at pidgin.im
Sun Aug 26 01:33:58 EDT 2012
#15289: exchndl.dll issues
----------------------+-----------------------------------------------------
 Reporter:  ioerror   |        Owner:  datallah
     Type:  defect    |       Status:  new
Milestone:            |    Component:  winpidgin (gtk)
  Version:  2.10.6    |   Resolution:
 Keywords:  security  |
----------------------+-----------------------------------------------------
Comment(by ultramegaman):
Also, this worries me. The OnStartup() routine looks like this:
{{{
if(GetModuleFileName(NULL, szLogFileName, MAX_PATH))
{
    LPTSTR lpszDot;

    if((lpszDot = _tcsrchr(szLogFileName, _T('.'))))
    {
        lpszDot++;
        _tcscpy(lpszDot, _T("RPT"));
    }
    else
        _tcscat(szLogFileName, _T(".RPT"));
}
}}}
Suppose that the fully qualified path of the module contains a "." in the
directory, such as C:\Users\myuser\pidgin.testing\module.exe; this code
would create a file at C:\Users\myuser\pidgin.RPT, which is not what's
expected.

A better example is when the path of the module approaches MAX_PATH in
length and the GetModuleFileName call truncates the response and the
truncation chops off the "." in the file name extension. The result is
that szLogFileName will be MAX_PATH in length, which is the size of its
allocated buffer. The "." is not found, so ".RPT" is added past the end of
the buffer. This will surely result in corruption of the stack.
--
Ticket URL: <http://developer.pidgin.im/ticket/15289#comment:3>
Pidgin <http://pidgin.im>
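
Added example, not part of the ticket comment or of Pidgin's code: a bounds-checked way to derive the report file name that covers both cases raised in the comment. The helper name `make_report_path` is hypothetical, and it uses plain `char` instead of `TCHAR` so it compiles anywhere; `len` stands for the value `GetModuleFileName` returned and `cap` for the buffer size that was passed to it.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper (not from exchndl.c).
 * buf: module path as written by GetModuleFileName
 * cap: size of buf in characters
 * len: return value of GetModuleFileName
 * Rewrites buf in place to end in ".RPT" and returns 0,
 * or returns -1 and leaves buf untouched if that is not safe. */
int make_report_path(char *buf, size_t cap, size_t len)
{
    static const char ext[] = ".RPT";
    const size_t ext_len = sizeof ext - 1;
    size_t name = 0, stem, i;

    /* len == 0: the call failed. len >= cap: the path was truncated
     * (GetModuleFileName returns nSize in that case), so the buffer
     * does not hold a usable path and may not be terminated. */
    if (buf == NULL || len == 0 || len >= cap)
        return -1;

    /* Start of the file name: just past the last path separator. */
    for (i = 0; i < len; i++)
        if (buf[i] == '\\' || buf[i] == '/')
            name = i + 1;

    /* Search for the extension dot inside the file name only, so a
     * dot in a directory name is never taken for the extension. */
    stem = len;
    for (i = len; i > name; i--) {
        if (buf[i - 1] == '.') {
            stem = i - 1;
            break;
        }
    }

    /* Stem plus ".RPT" plus terminator must fit in the buffer. */
    if (stem + ext_len + 1 > cap)
        return -1;

    memcpy(buf + stem, ext, ext_len + 1);
    return 0;
}
```

On failure the caller should skip creating the report file or fall back to a fixed name rather than write through the buffer.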