Mercurial > pidgin
comparison libpurple/protocols/oscar/clientlogin.c @ 30616:943fce8ef142
Fix for CVE-2010-3711. Properly validate the return value from
purple_base64_decode() (the CVE issue) and purple_base16_decode() (just a bug).
Coincidentally, this should also fix #12614.
committer: John Bailey <rekkanoryo@rekkanoryo.org>
| author | Daniel Atallah <daniel.atallah@gmail.com> |
|---|---|
| date | Sun, 17 Oct 2010 03:55:04 +0000 |
| parents | 3fbae92e7e0b |
| children | 4297feb30ad1 |
comparison
equal
deleted
inserted
replaced
| 30607:0050a61df60c | 30616:943fce8ef142 |
|---|---|
| 270 PurpleConnection *gc; | 270 PurpleConnection *gc; |
| 271 char *host, *cookie; | 271 char *host, *cookie; |
| 272 char *tls_certname = NULL; | 272 char *tls_certname = NULL; |
| 273 unsigned short port; | 273 unsigned short port; |
| 274 guint8 *cookiedata; | 274 guint8 *cookiedata; |
| 275 gsize cookiedata_len; | 275 gsize cookiedata_len = 0; |
| 276 | 276 |
| 277 od = user_data; | 277 od = user_data; |
| 278 gc = od->gc; | 278 gc = od->gc; |
| 279 | 279 |
| 280 od->url_data = NULL; | 280 od->url_data = NULL; |