[Pidgin] #15289: exchndl.dll issues

Pidgin trac at pidgin.im
Sun Aug 26 17:10:42 EDT 2012


#15289: exchndl.dll issues
----------------------+-----------------------------------------------------
 Reporter:  ioerror   |        Owner:  datallah       
     Type:  defect    |       Status:  new            
Milestone:            |    Component:  winpidgin (gtk)
  Version:  2.10.6    |   Resolution:                 
 Keywords:  security  |  
----------------------+-----------------------------------------------------

Comment(by ioerror):

 I think LoadLibrary is vulnerable to CVE-2010-x+n but I don't see an obvious
 way to exploit it. That is a classic problem with CVE-2010-x+n, of course.

 I'm not sure about [_tcsrchr] but I'm sure ultramegaman will let us know
 if it is an issue.

 Regarding rprintf(), yes, I think I agree regarding the ability to
 overflow the static buffer. That can be easily fixed by checking the
 length of the string.

 I'd probably just rewrite a lot of the possibly problematic code to be
 safe. I opened this ticket with the developers:
 http://code.google.com/p/jrfonseca/issues/detail?id=73

 As I'm still not sure of the final file's contents, I'm not clear if this
 would be a CVE only for exchndl.dll proper or both exchndl.dll and
 pidgin's derivative exchndl.dll. I think it is in both - though it isn't
 clear in what scenarios it would be exploitable by a malicious party, so
 it isn't terribly critical for all issues. Though the rprintf() issue
 seems like it will be triggered exactly when a malicious attacker has
 taken it upon themselves to mess with things...

-- 
Ticket URL: <http://developer.pidgin.im/ticket/15289#comment:5>
Pidgin <http://pidgin.im>
Pidgin
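
The length check suggested for rprintf() in the comment above, as an added example that is not part of the original ticket and is not code from exchndl.dll: a bounded append into a static buffer that rejects any formatted string that does not fit. The names `report_printf`, `report_reset` and `REPORT_BUF_SIZE`, and the 64-byte size, are assumptions, since the ticket does not show the real function.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical size: the ticket does not give the real buffer size. */
#define REPORT_BUF_SIZE 64

static char report_buf[REPORT_BUF_SIZE];  /* static buffer reused across calls */
static size_t report_len;                 /* bytes used, excluding the NUL */

void report_reset(void)
{
    report_len = 0;
    report_buf[0] = '\0';
}

/*
 * Bounded append (hypothetical stand-in for an rprintf-style helper).
 * Returns 0 if the whole string fit, -1 if it did not or formatting failed;
 * on failure the buffer keeps its previous contents. Assumes C99 vsnprintf.
 * Older MSVC _vsnprintf returns a negative value on truncation and may not
 * NUL-terminate; the checks below cover that case as well.
 */
int report_printf(const char *fmt, ...)
{
    size_t room = sizeof(report_buf) - report_len;  /* always >= 1 */
    va_list ap;
    int n;
    va_start(ap, fmt);
    n = vsnprintf(report_buf + report_len, room, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= room) {
        report_buf[report_len] = '\0';  /* discard the partial write */
        return -1;
    }
    report_len += (size_t)n;
    return 0;
}

const char *report_text(void) { return report_buf; }
size_t report_used(void) { return report_len; }

int main(void)
{
    report_reset();
    report_printf("module=%s", "sample.dll");  /* constructed input */
    printf("%s (%lu bytes)\n", report_text(), (unsigned long)report_used());
    return 0;
}
```

Rejecting the oversized write, rather than silently truncating it, lets the caller decide whether to flush the buffer first or drop the field.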

