changeset 26860:a6724cd174f1

Fixes a buffer overflow in the ZDI-08-054 report
author Ka-Hing Cheung <khc@hxbc.us>
date Sat, 02 May 2009 19:12:33 +0000
parents 19d27ee1c72a
children d387f1164b3a
files libpurple/protocols/msn/slplink.c
diffstat 1 files changed, 2 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/libpurple/protocols/msn/slplink.c	Sat May 02 18:19:55 2009 +0000
+++ b/libpurple/protocols/msn/slplink.c	Sat May 02 19:12:33 2009 +0000
@@ -493,7 +493,7 @@
 {
 	MsnSlpMessage *slpmsg;
 	const char *data;
-	gsize offset;
+	guint64 offset;
 	gsize len;
 
 #ifdef MSN_DEBUG_SLP
@@ -565,6 +565,7 @@
 			if (slpmsg->buffer == NULL)
 			{
 				purple_debug_error("msn", "Failed to allocate buffer for slpmsg\n");
+				msn_slpmsg_destroy(slpmsg);
 				return;
 			}
 		}