diff -up pidgin-2.10.7/libpurple/protocols/msn/msg.c.CVE-2013-6482 pidgin-2.10.7/libpurple/protocols/msn/msg.c

--- pidgin-2.10.7/libpurple/protocols/msn/msg.c.CVE-2013-6482	2013-02-11 04:16:52.000000000 -0500

+++ pidgin-2.10.7/libpurple/protocols/msn/msg.c	2014-01-29 09:20:02.125156089 -0500

@@ -178,6 +178,8 @@ msn_message_parse_payload(MsnMessage *ms

 		g_free(tmp_base);

 		g_return_if_reached();

 	}

+

+	/* NUL-terminate the end of the headers - it'll get skipped over below */

 	*end = '\0';

 	/* Split the headers and parse each one */

@@ -195,10 +197,12 @@ msn_message_parse_payload(MsnMessage *ms

 			/* The only one I care about is 'boundary' (which is folded from

 			   the key 'Content-Type'), so only process that. */

-			if (!strcmp(key, "boundary")) {

+			if (!strcmp(key, "boundary") && value) {

 				char *end = strchr(value, '\"');

-				*end = '\0';

-				msn_message_set_header(msg, key, value);

+				if (end) {

+					*end = '\0';

+					msn_message_set_header(msg, key, value);

+				}

 			}

 			g_strfreev(tokens);

@@ -210,18 +214,15 @@ msn_message_parse_payload(MsnMessage *ms

 		key = tokens[0];

 		value = tokens[1];

-		/*if not MIME content ,then return*/

 		if (!strcmp(key, "MIME-Version"))

 		{

-			g_strfreev(tokens);

-			continue;

+			/* Ignore MIME-Version header */

 		}

-

-		if (!strcmp(key, "Content-Type"))

+		else if (!strcmp(key, "Content-Type"))

 		{

 			char *charset, *c;

-			if ((c = strchr(value, ';')) != NULL)

+			if (value && (c = strchr(value, ';')) != NULL)

 			{

 				if ((charset = strchr(c, '=')) != NULL)

 				{

diff -up pidgin-2.10.7/libpurple/protocols/msn/oim.c.CVE-2013-6482 pidgin-2.10.7/libpurple/protocols/msn/oim.c

--- pidgin-2.10.7/libpurple/protocols/msn/oim.c.CVE-2013-6482	2014-01-29 09:20:03.696153312 -0500

+++ pidgin-2.10.7/libpurple/protocols/msn/oim.c	2014-01-29 09:20:04.713151523 -0500

@@ -362,11 +362,12 @@ msn_oim_send_read_cb(MsnSoapMessage *req

 			if (faultcode) {

 				char *faultcode_str = xmlnode_get_data(faultcode);

-				if (g_str_equal(faultcode_str, "q0:AuthenticationFailed")) {

+				if (faultcode_str && g_str_equal(faultcode_str, "q0:AuthenticationFailed")) {

 					xmlnode *challengeNode = xmlnode_get_child(faultNode,

 						"detail/LockKeyChallenge");

+					char *challenge = NULL;

-					if (challengeNode == NULL) {

+					if (challengeNode == NULL || (challenge = xmlnode_get_data(challengeNode)) == NULL) {

 						if (oim->challenge) {

 							g_free(oim->challenge);

 							oim->challenge = NULL;

@@ -384,7 +385,6 @@ msn_oim_send_read_cb(MsnSoapMessage *req

 					} else {

 						char buf[33];

-						char *challenge = xmlnode_get_data(challengeNode);

 						msn_handle_chl(challenge, buf);

 						g_free(oim->challenge);

@@ -400,22 +400,23 @@ msn_oim_send_read_cb(MsnSoapMessage *req

 					}

 				} else {

 					/* Report the error */

-					const char *str_reason;

+					const char *str_reason = NULL;

-					if (g_str_equal(faultcode_str, "q0:SystemUnavailable")) {

-						str_reason = _("Message was not sent because the system is "

-						               "unavailable. This normally happens when the "

-						               "user is blocked or does not exist.");

-

-					} else if (g_str_equal(faultcode_str, "q0:SenderThrottleLimitExceeded")) {

-						str_reason = _("Message was not sent because messages "

-						               "are being sent too quickly.");

-

-					} else if (g_str_equal(faultcode_str, "q0:InvalidContent")) {

-						str_reason = _("Message was not sent because an unknown "

-						               "encoding error occurred.");

+					if (faultcode_str) {

+						if (g_str_equal(faultcode_str, "q0:SystemUnavailable")) {

+							str_reason = _("Message was not sent because the system is "

+							               "unavailable. This normally happens when the "

+							               "user is blocked or does not exist.");

+						} else if (g_str_equal(faultcode_str, "q0:SenderThrottleLimitExceeded")) {

+							str_reason = _("Message was not sent because messages "

+							               "are being sent too quickly.");

+						} else if (g_str_equal(faultcode_str, "q0:InvalidContent")) {

+							str_reason = _("Message was not sent because an unknown "

+							               "encoding error occurred.");

+						}

+					}

-					} else {

+					if (str_reason == NULL) {

 						str_reason = _("Message was not sent because an unknown "

 						               "error occurred.");

 					}

diff -up pidgin-2.10.7/libpurple/protocols/msn/soap.c.CVE-2013-6482 pidgin-2.10.7/libpurple/protocols/msn/soap.c

--- pidgin-2.10.7/libpurple/protocols/msn/soap.c.CVE-2013-6482	2013-02-11 04:16:52.000000000 -0500

+++ pidgin-2.10.7/libpurple/protocols/msn/soap.c	2014-01-29 09:20:04.714151533 -0500

@@ -304,21 +304,25 @@ msn_soap_handle_body(MsnSoapConnection *

 		if (faultcode != NULL) {

 			char *faultdata = xmlnode_get_data(faultcode);

-			if (g_str_equal(faultdata, "psf:Redirect")) {

+			if (faultdata && g_str_equal(faultdata, "psf:Redirect")) {

 				xmlnode *url = xmlnode_get_child(fault, "redirectUrl");

 				if (url) {

 					char *urldata = xmlnode_get_data(url);

-					msn_soap_handle_redirect(conn, urldata);

+					if (urldata)

+						msn_soap_handle_redirect(conn, urldata);

 					g_free(urldata);

 				}

 				g_free(faultdata);

 				msn_soap_message_destroy(response);

 				return TRUE;

-			} else if (g_str_equal(faultdata, "wsse:FailedAuthentication")) {

+			} else if (faultdata && g_str_equal(faultdata, "wsse:FailedAuthentication")) {

 				xmlnode *reason = xmlnode_get_child(fault, "faultstring");

-				char *reasondata = xmlnode_get_data(reason);

+				char *reasondata = NULL;

+

+				if (reason)

+					reasondata = xmlnode_get_data(reason);

 				msn_soap_connection_sanitize(conn, TRUE);

 				msn_session_set_error(conn->session, MSN_ERROR_AUTH,