diff -up pidgin-2.10.7/libpurple/protocols/mxit/markup.c.CVE-2013-6489 pidgin-2.10.7/libpurple/protocols/mxit/markup.c
--- pidgin-2.10.7/libpurple/protocols/mxit/markup.c.CVE-2013-6489 2013-02-11 04:16:52.000000000 -0500
+++ pidgin-2.10.7/libpurple/protocols/mxit/markup.c 2014-01-29 20:55:34.239345911 -0500
@@ -204,7 +204,8 @@ static unsigned int asn_getlength( const
*/
static int asn_getUtf8( const char* data, char type, char** utf8 )
{
- int len;
+ unsigned int len;
+ gchar *out_str;
/* validate the field type [1 byte] */
if ( data[0] != type ) {
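Review bot: asn_getUtf8 still has no parameter saying how many bytes remain at `data`, so the reads of `data[0]` and `data[1]` here and the copy of up to 255 bytes in the following hunk depend entirely on the caller having checked bounds. Changing `len` to `unsigned int` removes the negative-length case but does not bound the source read. If the callers (not visible in this diff) do not already guarantee it, the function should take the remaining length and return -1 when it is shorter than `2 + len`. At minimum the header comment should state the precondition, e.g. `/* caller must ensure at least 2 + (uint8_t)data[1] bytes are readable at data */`. The function body continues past the end of this hunk.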
@@ -213,10 +214,17 @@ static int asn_getUtf8( const char* data
return -1;
}
- len = data[1]; /* length field [1 bytes] */
- *utf8 = g_malloc( len + 1 );
- memcpy( *utf8, &data[2], len ); /* data field */
- (*utf8)[len] = '\0';
+ len = (uint8_t)data[1]; /* length field [1 byte] */
+ out_str = g_malloc(len + 1);
+ if (out_str == NULL) {
+ purple_debug_fatal(MXIT_PLUGIN_ID, "asn_getUtf8: out of memory");
+ return -1;
+ }
+
+ memcpy(out_str, &data[2], len); /* data field */
+ out_str[len] = '\0';
+
+ *utf8 = out_str;
return ( len + 2 );
}
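Review bot: The `out_str == NULL` branch after `g_malloc(len + 1)` cannot be taken, because g_malloc terminates the process on allocation failure instead of returning NULL. For the check to mean anything the call should be `out_str = g_try_malloc(len + 1);`, otherwise the branch can be dropped. Separately, both `return -1` paths leave `*utf8` unassigned, so a caller that ignores the return value would use or free an indeterminate pointer. Setting `*utf8 = NULL;` at the top of the function would make that failure mode safe. Whether any caller ignores the result is not visible in this diff.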