[Pidgin] #15289: exchndl.dll issues

Pidgin trac at pidgin.im
Sun Aug 26 03:45:28 EDT 2012

#15289: exchndl.dll issues
 Reporter:  ioerror   |        Owner:  datallah       
     Type:  defect    |       Status:  new            
Milestone:            |    Component:  winpidgin (gtk)
  Version:  2.10.6    |   Resolution:                 
 Keywords:  security  |  

Comment(by datallah):

 pidgin.exe isn't registered for any file associations.

 It is registered for various URIs, but when it's invoked for those, the
 exception handler isn't used.

 I don't think the !LoadLibrary thing is a real problem.

 For the !OnStartup stuff:
  * I don't think the comment about a "." being in the directory is correct
 - it's  `_tcsrchr`, so it's looking for the last instance, so unless a
 module doesn't have an extension (which would be really odd on Windows,
 although perhaps not impossible?), it'll be ok.
  * For a really long path to a module, that's potential problem.  I think
 it's really unlikely; it would require the user to have decided to install
 Pidgin somewhere down a crazy path. The effect probably would be an crash
 on startup and I don't think it could be exploited.  Ideally it'd be fixed

 For rprintf() buffer, I think it actually is possible to exceed the buffer
 in the example you posted, but only by a couple bytes (the spaces in the "
 %s" pattern).

 We can't use the "new" "safe" MS string functions (such as StringCchCopy);
 with mingw gcc, we use the MSVCRT runtime, not one of the newer C

 I see what you mean about the overlapping buffers being passed to
 `lstrcpyn`, that's clearly something that should be fixed (although I
 suspect that since they're actually the same pointer it coincidentally
 works - that's the case our code hits every time since it isn't C++ and I
 don't remember seeing any odd behavior).

Ticket URL: <http://developer.pidgin.im/ticket/15289#comment:4>
Pidgin <http://pidgin.im>

More information about the Tracker mailing list