Mercurial > pidgin.yaz

changeset 31645:110a62a7d44d

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
merge of '54f14206293cad5f17a3d9ac3b90a79bbc302d28' and '76a3cd649cdc469718a2303b59a04263164ec664'
author John Bailey <rekkanoryo@rekkanoryo.org>
date Mon, 07 Feb 2011 03:17:18 +0000
parents c2c3200f48ab (diff) e2665473f5e3 (current diff)
children cdf476ff08a8
files ChangeLog
diffstat 3 files changed, 9 insertions(+), 6 deletions(-) [+]
line wrap: on
line diff
--- a/COPYRIGHT	Sun Feb 06 13:25:54 2011 +0000
+++ b/COPYRIGHT	Mon Feb 07 03:17:18 2011 +0000
@@ -281,6 +281,7 @@
 Joe LaPenna
 Steve Láposi
 Daniel Larsson
+Julia Lawall
 Peter Lawler
 Vadim Lebedev
 Ho-seok Lee
--- a/ChangeLog	Sun Feb 06 13:25:54 2011 +0000
+++ b/ChangeLog	Mon Feb 07 03:17:18 2011 +0000
@@ -34,6 +34,8 @@
 	  check' failures.  (Nader Morshed) (#13131)
 	* Correct an issue that caused some UIs other than Pidgin or Finch to
 	  leave a buddy in the "is typing" state.  (Jan Kaluza)
+	* Fix potential information disclosure issues in the Cipher code.  (Julia
+	  Lawall)
 
 	Pidgin:
 	* Support using the Page Up and Page Down keys on the numeric keypad in
--- a/libpurple/cipher.c	Sun Feb 06 13:25:54 2011 +0000
+++ b/libpurple/cipher.c	Mon Feb 07 03:17:18 2011 +0000
@@ -249,7 +249,7 @@
 	purple_cipher_context_reset(context, NULL);
 
 	md5_context = purple_cipher_context_get_data(context);
-	memset(md5_context, 0, sizeof(md5_context));
+	memset(md5_context, 0, sizeof(*md5_context));
 
 	g_free(md5_context);
 	md5_context = NULL;
@@ -705,7 +705,7 @@
 	purple_cipher_context_reset(context, NULL);
 
 	md4_context = purple_cipher_context_get_data(context);
-	memset(md4_context, 0, sizeof(md4_context));
+	memset(md4_context, 0, sizeof(*md4_context));
 
 	g_free(md4_context);
 	md4_context = NULL;
@@ -1356,7 +1356,7 @@
 	struct _des_ctx *des_context;
 
 	des_context = purple_cipher_context_get_data(context);
-	memset(des_context, 0, sizeof(des_context));
+	memset(des_context, 0, sizeof(*des_context));
 
 	g_free(des_context);
 	des_context = NULL;
@@ -1706,7 +1706,7 @@
 	struct _des3_ctx *des3_context;
 
 	des3_context = purple_cipher_context_get_data(context);
-	memset(des3_context, 0, sizeof(des3_context));
+	memset(des3_context, 0, sizeof(*des3_context));
 
 	g_free(des3_context);
 	des3_context = NULL;
@@ -2382,7 +2382,7 @@
 	struct RC4Context *rc4_ctx;
 
 	rc4_ctx = purple_cipher_context_get_data(context);
-	memset(rc4_ctx, 0, sizeof(rc4_ctx));
+	memset(rc4_ctx, 0, sizeof(*rc4_ctx));
 
 	g_free(rc4_ctx);
 	rc4_ctx = NULL;
@@ -2828,7 +2828,7 @@
 	if(cipher->ops && cipher->ops->uninit)
 		cipher->ops->uninit(context);
 
-	memset(context, 0, sizeof(context));
+	memset(context, 0, sizeof(*context));
 	g_free(context);
 	context = NULL;
 }