Mercurial > pidgin
comparison libpurple/protocols/oscar/clientlogin.c @ 30616:943fce8ef142
Fix for CVE-2010-3711. Properly validate the return value from
purple_base64_decode() (the CVE issue) and purple_base16_decode() (just a bug).
Coincidentally, this should also fix #12614.
committer: John Bailey <rekkanoryo@rekkanoryo.org>
author | Daniel Atallah <daniel.atallah@gmail.com> |
---|---|
date | Sun, 17 Oct 2010 03:55:04 +0000 |
parents | 3fbae92e7e0b |
children | 4297feb30ad1 |
comparison
equal
deleted
inserted
replaced
30607:0050a61df60c | 30616:943fce8ef142 |
---|---|
270 PurpleConnection *gc; | 270 PurpleConnection *gc; |
271 char *host, *cookie; | 271 char *host, *cookie; |
272 char *tls_certname = NULL; | 272 char *tls_certname = NULL; |
273 unsigned short port; | 273 unsigned short port; |
274 guint8 *cookiedata; | 274 guint8 *cookiedata; |
275 gsize cookiedata_len; | 275 gsize cookiedata_len = 0; |
276 | 276 |
277 od = user_data; | 277 od = user_data; |
278 gc = od->gc; | 278 gc = od->gc; |
279 | 279 |
280 od->url_data = NULL; | 280 od->url_data = NULL; |