[Pidgin] #15095: Validate UTF-8 in oscar byte_stream_getstr()
Pidgin
trac at pidgin.im
Fri May 4 02:59:37 EDT 2012
#15095: Validate UTF-8 in oscar byte_stream_getstr()
-------------------------+--------------------------------------------------
Reporter: MarkDoliner | Owner: MarkDoliner
Type: defect | Status: new
Component: AIM | Version:
Keywords: |
-------------------------+--------------------------------------------------
There are a few places where oscar calls byte_stream_getstr() to read a
string from a network socket and treats the string as valid UTF-8 without
actually verifying. We should treat data from the network as untrusted
and should validate that the string really is UTF-8 before attempting to
use it.
The problem probably exists in the functions parseadd, parsemod and
parseinfo_create, and may exist in other places.
--
Ticket URL: <http://developer.pidgin.im/ticket/15095>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list