Mercurial > pidgin.yaz
diff libpurple/protocols/msn/httpconn.c @ 25844:5e6999b6b5e4
Prevent a NUL ptr deref caused by a malformed session_id.
This came out of the veracode analysis.
author | Daniel Atallah <daniel.atallah@gmail.com> |
---|---|
date | Sat, 02 May 2009 19:39:45 +0000 |
parents | d72c185d0be3 |
children | 35b6fd563056 |
line wrap: on
line diff
--- a/libpurple/protocols/msn/httpconn.c Sat May 02 19:33:22 2009 +0000 +++ b/libpurple/protocols/msn/httpconn.c Sat May 02 19:39:45 2009 +0000 @@ -219,7 +219,13 @@ g_free(tmp); t = strchr(full_session_id, '.'); - session_id = g_strndup(full_session_id, t - full_session_id); + if (t != NULL) + session_id = g_strndup(full_session_id, t - full_session_id); + else { + purple_debug_error("msn", "Malformed full_session_id[%s]\n", + full_session_id ? full_session_id : NULL); + session_id = g_strdup(full_session_id); + } if (session_action == NULL || strcmp(session_action, "close") != 0) {