Mercurial > pidgin.yaz
comparison libpurple/protocols/msn/slplink.c @ 28287:4200554dd0fc
Patch written by Mark Doliner and Paul Aurich to fix a remote crash on MSN
reported to us by the CORE Security Technologies Security Advisories Team.
| author | John Bailey <rekkanoryo@rekkanoryo.org> |
|---|---|
| date | Sun, 16 Aug 2009 23:27:24 +0000 |
| parents | de7f6fd04298 |
| children | 6b66226f6e03 |
comparison
equal
deleted
inserted
replaced
| 28286:8ae961da80d5 | 28287:4200554dd0fc |
|---|---|
| 439 slpmsg->ack_sub_id = msg->msnslp_header.ack_id; | 439 slpmsg->ack_sub_id = msg->msnslp_header.ack_id; |
| 440 slpmsg->ack_size = msg->msnslp_header.total_size; | 440 slpmsg->ack_size = msg->msnslp_header.total_size; |
| 441 slpmsg->info = "SLP ACK"; | 441 slpmsg->info = "SLP ACK"; |
| 442 | 442 |
| 443 msn_slplink_send_slpmsg(slplink, slpmsg); | 443 msn_slplink_send_slpmsg(slplink, slpmsg); |
| 444 msn_slpmsg_destroy(slpmsg); | |
| 444 } | 445 } |
| 445 | 446 |
| 446 static void | 447 static void |
| 447 send_file_cb(MsnSlpCall *slpcall) | 448 send_file_cb(MsnSlpCall *slpcall) |
| 448 { | 449 { |
| 576 if (slpmsg->fp) | 577 if (slpmsg->fp) |
| 577 { | 578 { |
| 578 /* fseek(slpmsg->fp, offset, SEEK_SET); */ | 579 /* fseek(slpmsg->fp, offset, SEEK_SET); */ |
| 579 len = fwrite(data, 1, len, slpmsg->fp); | 580 len = fwrite(data, 1, len, slpmsg->fp); |
| 580 } | 581 } |
| 581 else if (slpmsg->size) | 582 else if (slpmsg->size && slpmsg->buffer) |
| 582 { | 583 { |
| 583 if (G_MAXSIZE - len < offset || (offset + len) > slpmsg->size) | 584 if (G_MAXSIZE - len < offset || (offset + len) > slpmsg->size) |
| 584 { | 585 { |
| 585 purple_debug_error("msn", | 586 purple_debug_error("msn", |
| 586 "Oversized slpmsg - msgsize=%lld offset=%" G_GUINT64_FORMAT " len=%" G_GSIZE_FORMAT "\n", | 587 "Oversized slpmsg - msgsize=%lld offset=%" G_GUINT64_FORMAT " len=%" G_GSIZE_FORMAT "\n", |