[Pidgin] #15289: exchndl.dll issues
Pidgin
trac at pidgin.im
Sun Aug 26 03:45:28 EDT 2012
#15289: exchndl.dll issues
----------------------+-----------------------------------------------------
Reporter: ioerror | Owner: datallah
Type: defect | Status: new
Milestone: | Component: winpidgin (gtk)
Version: 2.10.6 | Resolution:
Keywords: security |
----------------------+-----------------------------------------------------
Comment(by datallah):
pidgin.exe isn't registered for any file associations.
It is registered for various URIs, but when it's invoked for those, the
exception handler isn't used.
I don't think the LoadLibrary thing is a real problem.
For the OnStartup stuff:
* I don't think the comment about a "." being in the directory is correct
- it's `_tcsrchr`, so it's looking for the last instance, so unless a
module doesn't have an extension (which would be really odd on Windows,
although perhaps not impossible?), it'll be ok.
* For a really long path to a module, that's a potential problem. I think
it's really unlikely; it would require the user to have decided to install
Pidgin somewhere down a crazy path. The effect probably would be a crash
on startup and I don't think it could be exploited. Ideally it'd be fixed
though.
For rprintf() buffer, I think it actually is possible to exceed the buffer
in the example you posted, but only by a couple bytes (the spaces in the "
%s" pattern).
We can't use the "new" "safe" MS string functions (such as StringCchCopy);
with mingw gcc, we use the MSVCRT runtime, not one of the newer C
runtimes.
I see what you mean about the overlapping buffers being passed to
`lstrcpyn`, that's clearly something that should be fixed (although I
suspect that since they're actually the same pointer it coincidentally
works - that's the case our code hits every time since it isn't C++ and I
don't remember seeing any odd behavior).
--
Ticket URL: <http://developer.pidgin.im/ticket/15289#comment:4>
Pidgin <http://pidgin.im>
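
An added example, not part of the ticket or of exchndl.dll: one way to swap a module path's extension using only plain C runtime calls (no StringCch* functions), covering the cases discussed above: a module without an extension under a directory containing ".", a path too long for the buffer, and source and destination being the same pointer. The helper name `replace_extension` and the ".RPT" suffix are hypothetical, and the assumption that the startup code derives a file name this way is not shown in the ticket.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from exchndl.dll): write module_path with its
 * extension replaced by new_ext into out[out_size].
 * Returns 0 on success, -1 on bad arguments or if the result would not fit;
 * on failure out is left untouched. new_ext must not overlap out. */
int replace_extension(const char *module_path, const char *new_ext,
                      char *out, size_t out_size)
{
    const char *dot, *sep, *bsep;
    size_t stem_len, ext_len;

    if (!module_path || !new_ext || !out || out_size == 0)
        return -1;

    /* Last path separator; Windows accepts both '\\' and '/'. */
    sep = strrchr(module_path, '/');
    bsep = strrchr(module_path, '\\');
    if (bsep && (!sep || bsep > sep))
        sep = bsep;

    /* Last '.', but only if it is in the file name, not in a directory. */
    dot = strrchr(module_path, '.');
    if (dot && sep && dot < sep)
        dot = NULL;

    stem_len = dot ? (size_t)(dot - module_path) : strlen(module_path);
    ext_len = strlen(new_ext);

    /* Fail instead of truncating: a truncated path names a different file. */
    if (stem_len >= out_size || ext_len >= out_size - stem_len)
        return -1;

    /* memmove is defined for overlapping regions, so out == module_path
     * (in-place use) is safe; string-copy routines give no such guarantee. */
    memmove(out, module_path, stem_len);
    memcpy(out + stem_len, new_ext, ext_len + 1); /* includes the NUL */
    return 0;
}
```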