Mercurial > pidgin.yaz

diff libpurple/protocols/msn/httpconn.c @ 25844:5e6999b6b5e4
Prevent a NUL ptr deref caused by a malformed session_id. This came out of the veracode analysis.
author: Daniel Atallah <daniel.atallah@gmail.com>
date: Sat, 02 May 2009 19:39:45 +0000
parents: d72c185d0be3
children: 35b6fd563056
--- a/libpurple/protocols/msn/httpconn.c	Sat May 02 19:33:22 2009 +0000
+++ b/libpurple/protocols/msn/httpconn.c	Sat May 02 19:39:45 2009 +0000
@@ -219,7 +219,13 @@
 		g_free(tmp);
 
 		t = strchr(full_session_id, '.');
-		session_id = g_strndup(full_session_id, t - full_session_id);
+		if (t != NULL)
+			session_id = g_strndup(full_session_id, t - full_session_id);
+		else {
+			purple_debug_error("msn", "Malformed full_session_id[%s]\n",
+					   full_session_id ? full_session_id : NULL);
+			session_id = g_strdup(full_session_id);
+		}
 
 		if (session_action == NULL || strcmp(session_action, "close") != 0)
 		{
author	Daniel Atallah <daniel.atallah@gmail.com>
date	Sat, 02 May 2009 19:39:45 +0000
parents	d72c185d0be3
children	35b6fd563056