[Pidgin] #15289: exchndl.dll issues

Pidgin trac at pidgin.im
Mon Aug 27 07:23:53 EDT 2012

#15289: exchndl.dll issues
 Reporter:  ioerror   |        Owner:  datallah       
     Type:  defect    |       Status:  new            
Milestone:            |    Component:  winpidgin (gtk)
  Version:  2.10.6    |   Resolution:                 
 Keywords:  security  |  

Comment(by datallah):

 Replying to [comment:5 ioerror]:
 > I think LoadLibrary vulnerable to CVE-2010-x+n but I don't see an
 obvious way to exploit it. That is a classic problem with CVE-2010-x+n, of
 > I'm not sure about [_tcsrchr] but I'm sure ultramegaman will let us know
 if it is an issue.
 > Regarding rprintf(), yes, I think I agree regarding the ability to
 overflow the static buffer. That can be easily fixed by checking the
 length of the string.
 > I'd probably just rewrite a lot of the possibly problematic code to be
 safe. I opened this ticket with the developers:

 If you were to do that, that would certainly be welcome.

 > As I'm still not sure of the final file's contents, I'm not clear if
 this would be a CVE only for exchndl.dll proper or both exchndl.dll and
 pidgin's derivative exchndl.dll. I think it is in both - though it isn't
 clear in what scenarios it would be exploitable by a malicious party, so
 it isn't terribly critical for all issues. Though the rprintf() issue
 seems like it will be triggered exactly when a malicious attacker has
 taken it upon themselves to mess with things...

 The source of the exchndl.dll that we distribute is the
 [https://code.google.com/p/jrfonseca.drmingw/ upstream git repo] at
 revision db7edd55a561, with the `exchndl_daa4.diff` patch in
 pidgin-inst-deps-20100315.tar.gz] applied.

Ticket URL: <http://developer.pidgin.im/ticket/15289#comment:6>
Pidgin <http://pidgin.im>

More information about the Tracker mailing list