Mercurial > pidgin.yaz
diff libpurple/protocols/oscar/clientlogin.c @ 31053:943fce8ef142
Fix for CVE-2010-3711. Properly validate the return value from
purple_base64_decode() (the CVE issue) and purple_base16_decode() (just a bug).
Coincidentally, this should also fix #12614.
committer: John Bailey <rekkanoryo@rekkanoryo.org>
| author | Daniel Atallah <daniel.atallah@gmail.com> |
|---|---|
| date | Sun, 17 Oct 2010 03:55:04 +0000 |
| parents | 3fbae92e7e0b |
| children | 4297feb30ad1 |
line wrap: on
line diff
--- a/libpurple/protocols/oscar/clientlogin.c Sun Oct 17 03:40:26 2010 +0000 +++ b/libpurple/protocols/oscar/clientlogin.c Sun Oct 17 03:55:04 2010 +0000 @@ -272,7 +272,7 @@ char *tls_certname = NULL; unsigned short port; guint8 *cookiedata; - gsize cookiedata_len; + gsize cookiedata_len = 0; od = user_data; gc = od->gc;