[Pidgin] #15095: Validate UTF-8 in oscar byte_stream_getstr()

Pidgin trac at pidgin.im
Fri May 4 02:59:37 EDT 2012

#15095: Validate UTF-8 in oscar byte_stream_getstr()
 Reporter:  MarkDoliner  |     Owner:  MarkDoliner
     Type:  defect       |    Status:  new        
Component:  AIM          |   Version:             
 Keywords:               |  
 There are a few places where oscar calls byte_stream_getstr() to read a
 string from a network socket and treats the string as valid UTF-8 without
 actually verifying.  We should treat data from the network as untrusted
 and should validate that the string really is UTF-8 before attempting to
 use it.

 The problem probably exists in the functions parseadd, parsemod and
 parseinfo_create, and may exist in other places.

Ticket URL: <http://developer.pidgin.im/ticket/15095>
Pidgin <http://pidgin.im>

More information about the Tracker mailing list