|
|
56fe68 |
diff -up pidgin-2.10.7/libpurple/protocols/simple/simple.c.CVE-2013-6490 pidgin-2.10.7/libpurple/protocols/simple/simple.c
|
|
|
56fe68 |
--- pidgin-2.10.7/libpurple/protocols/simple/simple.c.CVE-2013-6490 2013-02-11 04:16:52.000000000 -0500
|
|
|
56fe68 |
+++ pidgin-2.10.7/libpurple/protocols/simple/simple.c 2014-01-29 22:27:25.222516679 -0500
|
|
|
56fe68 |
@@ -1640,7 +1640,7 @@ static void process_input(struct simple_
|
|
|
56fe68 |
cur += 2;
|
|
|
56fe68 |
restlen = conn->inbufused - (cur - conn->inbuf);
|
|
|
56fe68 |
if(restlen >= msg->bodylen) {
|
|
|
56fe68 |
- dummy = g_malloc(msg->bodylen + 1);
|
|
|
56fe68 |
+ dummy = g_new(char, msg->bodylen + 1);
|
|
|
56fe68 |
memcpy(dummy, cur, msg->bodylen);
|
|
|
56fe68 |
dummy[msg->bodylen] = '\0';
|
|
|
56fe68 |
msg->body = dummy;
|
|
|
56fe68 |
diff -up pidgin-2.10.7/libpurple/protocols/simple/sipmsg.c.CVE-2013-6490 pidgin-2.10.7/libpurple/protocols/simple/sipmsg.c
|
|
|
56fe68 |
--- pidgin-2.10.7/libpurple/protocols/simple/sipmsg.c.CVE-2013-6490 2013-02-11 04:16:52.000000000 -0500
|
|
|
56fe68 |
+++ pidgin-2.10.7/libpurple/protocols/simple/sipmsg.c 2014-01-29 22:27:25.223516732 -0500
|
|
|
56fe68 |
@@ -114,6 +114,11 @@ struct sipmsg *sipmsg_parse_header(const
|
|
|
56fe68 |
tmp2 = sipmsg_find_header(msg, "Content-Length");
|
|
|
56fe68 |
if (tmp2 != NULL)
|
|
|
56fe68 |
msg->bodylen = strtol(tmp2, NULL, 10);
|
|
|
56fe68 |
+ if (msg->bodylen < 0) {
|
|
|
56fe68 |
+ purple_debug_warning("simple", "Invalid body length: %d",
|
|
|
56fe68 |
+ msg->bodylen);
|
|
|
56fe68 |
+ msg->bodylen = 0;
|
|
|
56fe68 |
+ }
|
|
|
56fe68 |
|
|
|
56fe68 |
if(msg->response) {
|
|
|
56fe68 |
tmp2 = sipmsg_find_header(msg, "CSeq");
|