diff libpurple/protocols/qq/im.c @ 31053:943fce8ef142
Fix for CVE-2010-3711. Properly validate the return value from
purple_base64_decode() (the CVE issue) and purple_base16_decode() (just a bug).
Coincidentally, this should also fix #12614.
committer: John Bailey <rekkanoryo@rekkanoryo.org>
author | Daniel Atallah <daniel.atallah@gmail.com> |
---|---|
date | Sun, 17 Oct 2010 03:55:04 +0000 |
parents | 351d07aefb09 |
children | 4deef745de87 |
--- a/libpurple/protocols/qq/im.c Sun Oct 17 03:40:26 2010 +0000
+++ b/libpurple/protocols/qq/im.c Sun Oct 17 03:55:04 2010 +0000
@@ -547,7 +547,6 @@
 const gchar *start, *end, *last;
 GData *attribs;
 gchar *tmp;
- unsigned char *rgb;
 g_return_val_if_fail(msg != NULL, NULL);
@@ -570,8 +569,11 @@
 tmp = g_datalist_get_data(&attribs, "color");
 if (tmp && strlen(tmp) > 1) {
- rgb = purple_base16_decode(tmp + 1, NULL);
- g_memmove(fmt->rgb, rgb, 3);
+ unsigned char *rgb;
+ gsize rgb_len;
+ rgb = purple_base16_decode(tmp + 1, &rgb_len);
+ if (rgb != NULL && rgb_len >= 3)
+ g_memmove(fmt->rgb, rgb, 3);
 g_free(rgb);
 }
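Review bot: In the second hunk, a malformed or too-short `color` attribute is now skipped silently, so `fmt->rgb` keeps whatever value it held before. Whether `fmt` is zeroed or given a default colour at allocation is not visible, because the function starts and ends outside the hunk, so that should be confirmed. The reason for the length check deserves a comment above the `if`, for example `/* decode may return NULL or fewer than 3 bytes for a malformed color; copy only a full RGB triple */`. The unbraced `if` followed directly by the unconditional `g_free(rgb);` is easy to misread, and bracing the `g_memmove` call would make it obvious that the free always runs.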