Blame SOURCES/pidgin-2.10.7-CVE-2013-6489.patch
|
 |
56fe68 |
diff -up pidgin-2.10.7/libpurple/protocols/mxit/markup.c.CVE-2013-6489 pidgin-2.10.7/libpurple/protocols/mxit/markup.c
|
|
|
56fe68 |
--- pidgin-2.10.7/libpurple/protocols/mxit/markup.c.CVE-2013-6489 2013-02-11 04:16:52.000000000 -0500
|
|
|
56fe68 |
+++ pidgin-2.10.7/libpurple/protocols/mxit/markup.c 2014-01-29 20:55:34.239345911 -0500
|
|
|
56fe68 |
@@ -204,7 +204,8 @@ static unsigned int asn_getlength( const
|
|
|
56fe68 |
*/
|
|
|
56fe68 |
static int asn_getUtf8( const char* data, char type, char** utf8 )
|
|
|
56fe68 |
{
|
|
|
56fe68 |
- int len;
|
|
|
56fe68 |
+ unsigned int len;
|
|
|
56fe68 |
+ gchar *out_str;
|
|
|
56fe68 |
|
|
|
56fe68 |
/* validate the field type [1 byte] */
|
|
|
56fe68 |
if ( data[0] != type ) {
|
|
|
56fe68 |
@@ -213,10 +214,17 @@ static int asn_getUtf8( const char* data
|
|
|
56fe68 |
return -1;
|
|
|
56fe68 |
}
|
|
|
56fe68 |
|
|
|
56fe68 |
- len = data[1]; /* length field [1 bytes] */
|
|
|
56fe68 |
- *utf8 = g_malloc( len + 1 );
|
|
|
56fe68 |
- memcpy( *utf8, &data[2], len ); /* data field */
|
|
|
56fe68 |
- (*utf8)[len] = '\0';
|
|
|
56fe68 |
+ len = (uint8_t)data[1]; /* length field [1 byte] */
|
|
|
56fe68 |
+ out_str = g_malloc(len + 1);
|
|
|
56fe68 |
+ if (out_str == NULL) {
|
|
|
56fe68 |
+ purple_debug_fatal(MXIT_PLUGIN_ID, "asn_getUtf8: out of memory");
|
|
|
56fe68 |
+ return -1;
|
|
|
56fe68 |
+ }
|
|
|
56fe68 |
+
|
|
|
56fe68 |
+ memcpy(out_str, &data[2], len); /* data field */
|
|
|
56fe68 |
+ out_str[len] = '\0';
|
|
|
56fe68 |
+
|
|
|
56fe68 |
+ *utf8 = out_str;
|
|
|
56fe68 |
|
|
|
56fe68 |
return ( len + 2 );
|
|
|
56fe68 |
}
|