Blame SOURCES/pidgin-2.10.7-CVE-2013-6489.patch

56fe68
diff -up pidgin-2.10.7/libpurple/protocols/mxit/markup.c.CVE-2013-6489 pidgin-2.10.7/libpurple/protocols/mxit/markup.c
56fe68
--- pidgin-2.10.7/libpurple/protocols/mxit/markup.c.CVE-2013-6489	2013-02-11 04:16:52.000000000 -0500
56fe68
+++ pidgin-2.10.7/libpurple/protocols/mxit/markup.c	2014-01-29 20:55:34.239345911 -0500
56fe68
@@ -204,7 +204,8 @@ static unsigned int asn_getlength( const
56fe68
  */
56fe68
 static int asn_getUtf8( const char* data, char type, char** utf8 )
56fe68
 {
56fe68
-	int		len;
56fe68
+	unsigned int len;
56fe68
+	gchar *out_str;
56fe68
 
56fe68
 	/* validate the field type [1 byte] */
56fe68
 	if ( data[0] != type ) {
56fe68
@@ -213,10 +214,17 @@ static int asn_getUtf8( const char* data
56fe68
 		return -1;
56fe68
 	}
56fe68
 
56fe68
-	len = data[1];						/* length field [1 bytes] */
56fe68
-	*utf8 = g_malloc( len + 1 );
56fe68
-	memcpy( *utf8, &data[2], len );		/* data field */
56fe68
-	(*utf8)[len] = '\0';
56fe68
+	len = (uint8_t)data[1]; /* length field [1 byte] */
56fe68
+	out_str = g_malloc(len + 1);
56fe68
+	if (out_str == NULL) {
56fe68
+		purple_debug_fatal(MXIT_PLUGIN_ID, "asn_getUtf8: out of memory");
56fe68
+		return -1;
56fe68
+	}
56fe68
+
56fe68
+	memcpy(out_str, &data[2], len); /* data field */
56fe68
+	out_str[len] = '\0';
56fe68
+
56fe68
+	*utf8 = out_str;
56fe68
 
56fe68
 	return ( len + 2 );
56fe68
 }