Mercurial > pidgin.yaz

diff libpurple/protocols/qq/im.c @ 31053:943fce8ef142

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Fix for CVE-2010-3711. Properly validate the return value from purple_base64_decode() (the CVE issue) and purple_base16_decode() (just a bug). Coincidentally, this should also fix #12614. committer: John Bailey <rekkanoryo@rekkanoryo.org>
author Daniel Atallah <daniel.atallah@gmail.com>
date Sun, 17 Oct 2010 03:55:04 +0000
parents 351d07aefb09
children 4deef745de87
line wrap: on
line diff
--- a/libpurple/protocols/qq/im.c	Sun Oct 17 03:40:26 2010 +0000
+++ b/libpurple/protocols/qq/im.c	Sun Oct 17 03:55:04 2010 +0000
@@ -547,7 +547,6 @@
 	const gchar *start, *end, *last;
 	GData *attribs;
 	gchar *tmp;
-	unsigned char *rgb;
 
 	g_return_val_if_fail(msg != NULL, NULL);
 
@@ -570,8 +569,11 @@
 
 		tmp = g_datalist_get_data(&attribs, "color");
 		if (tmp && strlen(tmp) > 1) {
-			rgb = purple_base16_decode(tmp + 1, NULL);
-			g_memmove(fmt->rgb, rgb, 3);
+			unsigned char *rgb;
+			gsize rgb_len;
+			rgb = purple_base16_decode(tmp + 1, &rgb_len);
+			if (rgb != NULL && rgb_len >= 3)
+				g_memmove(fmt->rgb, rgb, 3);
 			g_free(rgb);
 		}