Mercurial > pidgin.yaz

diff libpurple/protocols/jabber/auth_digest_md5.c @ 31053:943fce8ef142

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Fix for CVE-2010-3711. Properly validate the return value from purple_base64_decode() (the CVE issue) and purple_base16_decode() (just a bug). Coincidentally, this should also fix #12614. committer: John Bailey <rekkanoryo@rekkanoryo.org>
author Daniel Atallah <daniel.atallah@gmail.com>
date Sun, 17 Oct 2010 03:55:04 +0000
parents 7cffe7ae8d1a
children e743507b3767
line wrap: on
line diff
--- a/libpurple/protocols/jabber/auth_digest_md5.c	Sun Oct 17 03:40:26 2010 +0000
+++ b/libpurple/protocols/jabber/auth_digest_md5.c	Sun Oct 17 03:55:04 2010 +0000
@@ -182,7 +182,9 @@
 
 	dec_in = (char *)purple_base64_decode(enc_in, NULL);
 	purple_debug_misc("jabber", "decoded challenge (%"
-			G_GSIZE_FORMAT "): %s\n", strlen(dec_in), dec_in);
+			G_GSIZE_FORMAT "): %s\n",
+			dec_in != NULL ? strlen(dec_in) : 0,
+			dec_in != NULL  ? dec_in : "(null)");
 
 	parts = parse_challenge(dec_in);