changeset 26838:cfde0f7fd54f
Don't crash on malicious candidates missing attributes
author | Paul Aurich <paul@darkrain42.org> |
---|---|
date | Thu, 30 Apr 2009 03:40:50 +0000 |
parents | ca2c3d134eaf |
children | 43e1cdbc6b4b |
files | libpurple/protocols/jabber/jingle/iceudp.c libpurple/protocols/jabber/jingle/rawudp.c |
diffstat | 2 files changed, 40 insertions(+), 17 deletions(-) [+] |
--- a/libpurple/protocols/jabber/jingle/iceudp.c Thu Apr 30 02:59:24 2009 +0000
+++ b/libpurple/protocols/jabber/jingle/iceudp.c Thu Apr 30 03:40:50 2009 +0000
@@ -310,19 +310,33 @@
 const gchar *password = xmlnode_get_attrib(iceudp, "pwd");
 for (; candidate; candidate = xmlnode_get_next_twin(candidate)) {
- const gchar *relport =
- xmlnode_get_attrib(candidate, "rel-port");
+ const gchar *relport = xmlnode_get_attrib(candidate, "rel-port");
+ const gchar *component = xmlnode_get_attrib(candidate, "component");
+ const gchar *foundation = xmlnode_get_attrib(candidate, "foundation");
+ const gchar *generation = xmlnode_get_attrib(candidate, "generation");
+ const gchar *id = xmlnode_get_attrib(candidate, "id");
+ const gchar *ip = xmlnode_get_attrib(candidate, "ip");
+ const gchar *network = xmlnode_get_attrib(candidate, "network");
+ const gchar *port = xmlnode_get_attrib(candidate, "port");
+ const gchar *priority = xmlnode_get_attrib(candidate, "priority");
+ const gchar *protocol = xmlnode_get_attrib(candidate, "protocol");
+ const gchar *type = xmlnode_get_attrib(candidate, "type");
+
+ if (!component || !foundation || !generation || !id || !ip ||
+ !network || !port || !priority || !protocol || !type)
+ continue;
+
 iceudp_candidate = jingle_iceudp_candidate_new(
- atoi(xmlnode_get_attrib(candidate, "component")),
- xmlnode_get_attrib(candidate, "foundation"),
- atoi(xmlnode_get_attrib(candidate, "generation")),
- xmlnode_get_attrib(candidate, "id"),
- xmlnode_get_attrib(candidate, "ip"),
- atoi(xmlnode_get_attrib(candidate, "network")),
- atoi(xmlnode_get_attrib(candidate, "port")),
- atoi(xmlnode_get_attrib(candidate, "priority")),
- xmlnode_get_attrib(candidate, "protocol"),
- xmlnode_get_attrib(candidate, "type"),
+ atoi(component),
+ foundation,
+ atoi(generation),
+ id,
+ ip,
+ atoi(network),
+ atoi(port),
+ atoi(priority),
+ protocol,
+ type,
 username, password);
 iceudp_candidate->reladdr = g_strdup(
 xmlnode_get_attrib(candidate, "rel-addr"));
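Review bot: The `atoi()` calls on `component`, `generation`, `network`, `port` and `priority` still accept any peer-supplied string, because the new check only rejects attributes that are absent. `atoi` reports no error, yields 0 for non-numeric text, and has undefined behaviour when the value does not fit in an int, so a malformed or oversized number still reaches `jingle_iceudp_candidate_new()`. Parsing with `strtol` plus an end-pointer check, and bounding the port to 1–65535, would close that gap. The fence shows it for `port`; the same pattern applies to the other numeric attributes here and to the `atoi()` calls in the rawudp.c hunk. The enclosing function starts and ends outside this hunk, so the new declarations may need to be placed to match the block's existing layout.

```c
	const gchar *port = xmlnode_get_attrib(candidate, "port");
	/* ... unchanged: remaining attribute lookups ... */
	gchar *port_end = NULL;
	long port_num;

	/* ... unchanged: NULL check on the required attributes ... */

	/* atoi() cannot signal failure; parse strictly and bound the value. */
	port_num = strtol(port, &port_end, 10);
	if (port_end == port || *port_end != '\0' ||
			port_num < 1 || port_num > 65535)
		continue;

	/* ... unchanged: jingle_iceudp_candidate_new() call, passing port_num where atoi(port) was ... */
```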
--- a/libpurple/protocols/jabber/jingle/rawudp.c Thu Apr 30 02:59:24 2009 +0000
+++ b/libpurple/protocols/jabber/jingle/rawudp.c Thu Apr 30 03:40:50 2009 +0000
@@ -278,12 +278,21 @@
 JingleRawUdpCandidate *rawudp_candidate = NULL;
 for (; candidate; candidate = xmlnode_get_next_twin(candidate)) {
+ const gchar *id = xmlnode_get_attrib(candidate, "id");
+ const gchar *generation = xmlnode_get_attrib(candidate, "generation");
+ const gchar *component = xmlnode_get_attrib(candidate, "component");
+ const gchar *ip = xmlnode_get_attrib(candidate, "ip");
+ const gchar *port = xmlnode_get_attrib(candidate, "port");
+
+ if (!id || !generation || !component || !ip || !port)
+ continue;
+
 rawudp_candidate = jingle_rawudp_candidate_new(
- xmlnode_get_attrib(candidate, "id"),
- atoi(xmlnode_get_attrib(candidate, "generation")),
- atoi(xmlnode_get_attrib(candidate, "component")),
- xmlnode_get_attrib(candidate, "ip"),
- atoi(xmlnode_get_attrib(candidate, "port")));
+ id,
+ atoi(generation),
+ atoi(component),
+ ip,
+ atoi(port));
 rawudp_candidate->rem_known = TRUE;
 jingle_rawudp_add_remote_candidate(JINGLE_RAWUDP(transport), rawudp_candidate);
 }
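Review bot: The `continue` after the NULL check drops a malformed candidate silently, here and in the iceudp.c hunk, so a peer that sends candidates with missing attributes leaves no trace in the debug log. Bracing the `if` body and adding a line such as `purple_debug_warning("jingle", "Ignoring raw-udp candidate with missing attributes\n");` before `continue` would make this visible when diagnosing a failed session or a misbehaving peer. The enclosing function starts outside the hunk, so whether it logs or handles the case where every candidate was skipped cannot be seen from here.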