diff libpurple/ntlm.c @ 31053:943fce8ef142
Fix for CVE-2010-3711. Properly validate the return value from
purple_base64_decode() (the CVE issue) and purple_base16_decode() (just a bug).
Coincidentally, this should also fix #12614.
committer: John Bailey <rekkanoryo@rekkanoryo.org>
author | Daniel Atallah <daniel.atallah@gmail.com> |
---|---|
date | Sun, 17 Oct 2010 03:55:04 +0000 |
parents | f1437342cc0e |
children | a13744df700c |
--- a/libpurple/ntlm.c Sun Oct 17 03:40:26 2010 +0000
+++ b/libpurple/ntlm.c Sun Oct 17 03:55:04 2010 +0000
@@ -152,9 +152,14 @@
 static guint8 nonce[8];
 tmsg = (struct type2_message*)purple_base64_decode(type2, &retlen);
- memcpy(nonce, tmsg->nonce, 8);
- if (flags != NULL)
- *flags = GUINT16_FROM_LE(tmsg->flags);
+ if (tmsg != NULL && retlen >= (sizeof(struct type2_message) - 1)) {
+ memcpy(nonce, tmsg->nonce, 8);
+ if (flags != NULL)
+ *flags = GUINT16_FROM_LE(tmsg->flags);
+ } else {
+ purple_debug_error("ntlm", "Unable to parse type2 message - returning empty nonce.\n");
+ memset(nonce, 0, 8);
+ }
 g_free(tmsg);
 return nonce;