Mercurial > pidgin
diff libpurple/protocols/jabber/auth_digest_md5.c @ 30616:943fce8ef142
Fix for CVE-2010-3711. Properly validate the return value from
purple_base64_decode() (the CVE issue) and purple_base16_decode() (just a bug).
Coincidentally, this should also fix #12614.
committer: John Bailey <rekkanoryo@rekkanoryo.org>
author | Daniel Atallah <daniel.atallah@gmail.com> |
---|---|
date | Sun, 17 Oct 2010 03:55:04 +0000 |
parents | 7cffe7ae8d1a |
children | e743507b3767 |
line wrap: on
line diff
--- a/libpurple/protocols/jabber/auth_digest_md5.c Sun Oct 17 03:40:26 2010 +0000 +++ b/libpurple/protocols/jabber/auth_digest_md5.c Sun Oct 17 03:55:04 2010 +0000 @@ -182,7 +182,9 @@ dec_in = (char *)purple_base64_decode(enc_in, NULL); purple_debug_misc("jabber", "decoded challenge (%" - G_GSIZE_FORMAT "): %s\n", strlen(dec_in), dec_in); + G_GSIZE_FORMAT "): %s\n", + dec_in != NULL ? strlen(dec_in) : 0, + dec_in != NULL ? dec_in : "(null)"); parts = parse_challenge(dec_in);