rpms / pidgin

Clone
Source Code
GIT

Blame SOURCES/pidgin-2.10.7-CVE-2013-6490.patch

c4 c5 c5-plus c6 c6-plus c7 c7-aarch64 c7-alt c7-beta c7-ppc64le c7-sig-altarch-fasttrack c8 c8-beta c8s
  1.   4133dc0fb16b4f2433b00d796e3bc8f283d37d22
  2.   SOURCES
  3.   pidgin-2.10.7-CVE-2013-6490.patch
Blob History Raw
4133dc 
diff -up pidgin-2.10.7/libpurple/protocols/simple/simple.c.CVE-2013-6490 pidgin-2.10.7/libpurple/protocols/simple/simple.c
4133dc 
--- pidgin-2.10.7/libpurple/protocols/simple/simple.c.CVE-2013-6490	2013-02-11 04:16:52.000000000 -0500
4133dc 
+++ pidgin-2.10.7/libpurple/protocols/simple/simple.c	2014-01-29 22:27:25.222516679 -0500
4133dc 
@@ -1640,7 +1640,7 @@ static void process_input(struct simple_
4133dc 
 		cur += 2;
4133dc 
 		restlen = conn->inbufused - (cur - conn->inbuf);
4133dc 
 		if(restlen >= msg->bodylen) {
4133dc 
-			dummy = g_malloc(msg->bodylen + 1);
4133dc 
+			dummy = g_new(char, msg->bodylen + 1);
4133dc 
 			memcpy(dummy, cur, msg->bodylen);
4133dc 
 			dummy[msg->bodylen] = '\0';
4133dc 
 			msg->body = dummy;
4133dc 
diff -up pidgin-2.10.7/libpurple/protocols/simple/sipmsg.c.CVE-2013-6490 pidgin-2.10.7/libpurple/protocols/simple/sipmsg.c
4133dc 
--- pidgin-2.10.7/libpurple/protocols/simple/sipmsg.c.CVE-2013-6490	2013-02-11 04:16:52.000000000 -0500
4133dc 
+++ pidgin-2.10.7/libpurple/protocols/simple/sipmsg.c	2014-01-29 22:27:25.223516732 -0500
4133dc 
@@ -114,6 +114,11 @@ struct sipmsg *sipmsg_parse_header(const
4133dc 
 	tmp2 = sipmsg_find_header(msg, "Content-Length");
4133dc 
 	if (tmp2 != NULL)
4133dc 
 		msg->bodylen = strtol(tmp2, NULL, 10);
4133dc 
+	if (msg->bodylen < 0) {
4133dc 
+		purple_debug_warning("simple", "Invalid body length: %d",
4133dc 
+			msg->bodylen);
4133dc 
+		msg->bodylen = 0;
4133dc 
+	}
4133dc
4133dc 
 	if(msg->response) {
4133dc 
 		tmp2 = sipmsg_find_header(msg, "CSeq");

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation