diff -up pidgin-2.10.7/libpurple/protocols/msn/msg.c.CVE-2013-6482 pidgin-2.10.7/libpurple/protocols/msn/msg.c
--- pidgin-2.10.7/libpurple/protocols/msn/msg.c.CVE-2013-6482 2013-02-11 04:16:52.000000000 -0500
+++ pidgin-2.10.7/libpurple/protocols/msn/msg.c 2014-01-29 09:20:02.125156089 -0500
@@ -178,6 +178,8 @@ msn_message_parse_payload(MsnMessage *ms
g_free(tmp_base);
g_return_if_reached();
}
+
+ /* NUL-terminate the end of the headers - it'll get skipped over below */
*end = '\0';
/* Split the headers and parse each one */
@@ -195,10 +197,12 @@ msn_message_parse_payload(MsnMessage *ms
/* The only one I care about is 'boundary' (which is folded from
the key 'Content-Type'), so only process that. */
- if (!strcmp(key, "boundary")) {
+ if (!strcmp(key, "boundary") && value) {
char *end = strchr(value, '\"');
- *end = '\0';
- msn_message_set_header(msg, key, value);
+ if (end) {
+ *end = '\0';
+ msn_message_set_header(msg, key, value);
+ }
}
g_strfreev(tokens);
@@ -210,18 +214,15 @@ msn_message_parse_payload(MsnMessage *ms
key = tokens[0];
value = tokens[1];
- /*if not MIME content ,then return*/
if (!strcmp(key, "MIME-Version"))
{
- g_strfreev(tokens);
- continue;
+ /* Ignore MIME-Version header */
}
-
- if (!strcmp(key, "Content-Type"))
+ else if (!strcmp(key, "Content-Type"))
{
char *charset, *c;
- if ((c = strchr(value, ';')) != NULL)
+ if (value && (c = strchr(value, ';')) != NULL)
{
if ((charset = strchr(c, '=')) != NULL)
{
diff -up pidgin-2.10.7/libpurple/protocols/msn/oim.c.CVE-2013-6482 pidgin-2.10.7/libpurple/protocols/msn/oim.c
--- pidgin-2.10.7/libpurple/protocols/msn/oim.c.CVE-2013-6482 2014-01-29 09:20:03.696153312 -0500
+++ pidgin-2.10.7/libpurple/protocols/msn/oim.c 2014-01-29 09:20:04.713151523 -0500
@@ -362,11 +362,12 @@ msn_oim_send_read_cb(MsnSoapMessage *req
if (faultcode) {
char *faultcode_str = xmlnode_get_data(faultcode);
- if (g_str_equal(faultcode_str, "q0:AuthenticationFailed")) {
+ if (faultcode_str && g_str_equal(faultcode_str, "q0:AuthenticationFailed")) {
xmlnode *challengeNode = xmlnode_get_child(faultNode,
"detail/LockKeyChallenge");
+ char *challenge = NULL;
- if (challengeNode == NULL) {
+ if (challengeNode == NULL || (challenge = xmlnode_get_data(challengeNode)) == NULL) {
if (oim->challenge) {
g_free(oim->challenge);
oim->challenge = NULL;
@@ -384,7 +385,6 @@ msn_oim_send_read_cb(MsnSoapMessage *req
} else {
char buf[33];
- char *challenge = xmlnode_get_data(challengeNode);
msn_handle_chl(challenge, buf);
g_free(oim->challenge);
@@ -400,22 +400,23 @@ msn_oim_send_read_cb(MsnSoapMessage *req
}
} else {
/* Report the error */
- const char *str_reason;
+ const char *str_reason = NULL;
- if (g_str_equal(faultcode_str, "q0:SystemUnavailable")) {
- str_reason = _("Message was not sent because the system is "
- "unavailable. This normally happens when the "
- "user is blocked or does not exist.");
-
- } else if (g_str_equal(faultcode_str, "q0:SenderThrottleLimitExceeded")) {
- str_reason = _("Message was not sent because messages "
- "are being sent too quickly.");
-
- } else if (g_str_equal(faultcode_str, "q0:InvalidContent")) {
- str_reason = _("Message was not sent because an unknown "
- "encoding error occurred.");
+ if (faultcode_str) {
+ if (g_str_equal(faultcode_str, "q0:SystemUnavailable")) {
+ str_reason = _("Message was not sent because the system is "
+ "unavailable. This normally happens when the "
+ "user is blocked or does not exist.");
+ } else if (g_str_equal(faultcode_str, "q0:SenderThrottleLimitExceeded")) {
+ str_reason = _("Message was not sent because messages "
+ "are being sent too quickly.");
+ } else if (g_str_equal(faultcode_str, "q0:InvalidContent")) {
+ str_reason = _("Message was not sent because an unknown "
+ "encoding error occurred.");
+ }
+ }
- } else {
+ if (str_reason == NULL) {
str_reason = _("Message was not sent because an unknown "
"error occurred.");
}
diff -up pidgin-2.10.7/libpurple/protocols/msn/soap.c.CVE-2013-6482 pidgin-2.10.7/libpurple/protocols/msn/soap.c
--- pidgin-2.10.7/libpurple/protocols/msn/soap.c.CVE-2013-6482 2013-02-11 04:16:52.000000000 -0500
+++ pidgin-2.10.7/libpurple/protocols/msn/soap.c 2014-01-29 09:20:04.714151533 -0500
@@ -304,21 +304,25 @@ msn_soap_handle_body(MsnSoapConnection *
if (faultcode != NULL) {
char *faultdata = xmlnode_get_data(faultcode);
- if (g_str_equal(faultdata, "psf:Redirect")) {
+ if (faultdata && g_str_equal(faultdata, "psf:Redirect")) {
xmlnode *url = xmlnode_get_child(fault, "redirectUrl");
if (url) {
char *urldata = xmlnode_get_data(url);
- msn_soap_handle_redirect(conn, urldata);
+ if (urldata)
+ msn_soap_handle_redirect(conn, urldata);
g_free(urldata);
}
g_free(faultdata);
msn_soap_message_destroy(response);
return TRUE;
- } else if (g_str_equal(faultdata, "wsse:FailedAuthentication")) {
+ } else if (faultdata && g_str_equal(faultdata, "wsse:FailedAuthentication")) {
xmlnode *reason = xmlnode_get_child(fault, "faultstring");
- char *reasondata = xmlnode_get_data(reason);
+ char *reasondata = NULL;
+
+ if (reason)
+ reasondata = xmlnode_get_data(reason);
msn_soap_connection_sanitize(conn, TRUE);
msn_session_set_error(conn->session, MSN_ERROR_AUTH,