diff libpurple/protocols/yahoo/libymsg.c @ 31053:943fce8ef142
Fix for CVE-2010-3711. Properly validate the return value from
purple_base64_decode() (the CVE issue) and purple_base16_decode() (just a bug).
Coincidentally, this should also fix #12614.
committer: John Bailey <rekkanoryo@rekkanoryo.org>
author | Daniel Atallah <daniel.atallah@gmail.com> |
---|---|
date | Sun, 17 Oct 2010 03:55:04 +0000 |
parents | 351d07aefb09 |
children | 63b9cb97d356 86598f5d7ebd 41f1e44ad4b5 |
--- a/libpurple/protocols/yahoo/libymsg.c Sun Oct 17 03:40:26 2010 +0000
+++ b/libpurple/protocols/yahoo/libymsg.c Sun Oct 17 03:55:04 2010 +0000
@@ -317,7 +317,7 @@
 if (pair->value) {
 decoded = purple_base64_decode(pair->value, &len);
- if (len) {
+ if (decoded && len > 0) {
 tmp = purple_str_binary_to_ascii(decoded, len);
 purple_debug_info("yahoo", "Got key 197, value = %s\n", tmp);
 g_free(tmp);
@@ -2863,15 +2863,17 @@
 if (base64) {
 guint32 ip;
 YahooFriend *f;
- char *host_ip;
+ char *host_ip, *tmp;
 struct yahoo_p2p_data *p2p_data;
 decoded = purple_base64_decode(base64, &len);
- if (len) {
- char *tmp = purple_str_binary_to_ascii(decoded, len);
- purple_debug_info("yahoo", "Got P2P service packet (from server): who = %s, ip = %s\n", who, tmp);
- g_free(tmp);
+ if (decoded == NULL) {
+ purple_debug_info("yahoo","p2p: Unable to decode base64 IP (%s) \n", base64);
+ return;
 }
+ tmp = purple_str_binary_to_ascii(decoded, len);
+ purple_debug_info("yahoo", "Got P2P service packet (from server): who = %s, ip = %s\n", who, tmp);
+ g_free(tmp);
 ip = strtol((gchar *)decoded, NULL, 10);
 g_free(decoded);
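Review bot: In the second hunk (`@@ -2863,15 +2863,17 @@`) the new guard rejects only `decoded == NULL`, whereas the first hunk checks `decoded && len > 0`, so a decode that succeeds with `len == 0` still reaches `purple_str_binary_to_ascii(decoded, len)` and `strtol((gchar *)decoded, NULL, 10)`. Treating an empty result as a failure would keep the two sites consistent, for example `if (decoded == NULL || len == 0) {` with a `g_free(decoded);` before the `return;`. The `strtol` call also reads `decoded` as a NUL-terminated string and discards parse errors, so a non-numeric value from the network silently becomes `ip = 0`. Whether `purple_base64_decode()` guarantees a terminator is not visible here and should be confirmed, and an end pointer plus an `errno` check would let the code reject bad input. The enclosing function starts and ends outside the hunk, so the new early `return` should be checked against any cleanup it skips.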