view AUTHORS @ 30273:6829b27ee4c8

This patch attempts to fix four bugs in the oscar protocol plugin that were introduced with the X-Status code in Pidgin 2.7.0.

Problem #1 (the remotely-triggerable crash): The crash happens when a buddy sets an xstatus message containing <desc> but no closing </desc>, or <title> but no closing </title>. The fix is to check the result of strstr(closing_tag_name) and do nothing if it is NULL. This is CVE-2010-2528.

Problem #2: Fixes potential incorrect parsing of the xstatus string that could result in an incorrect message being displayed to the libpurple user. Happens if an xstatus message contains </desc> before <desc>, or </title> before <title>. The fix is to start looking for the closing tag at the end of the beginning tag rather than at the beginning of the xstatus xml. Probably not a security problem, but definitely a bug.

Problem #3: Fixes potential incorrect parsing of the xstatus string that could result in the title not being shown to the libpurple user. Happens if the close title tag appears after the desc tag in the xstatus xml, because we add a null character at the beginning of the close title tag, so strstr() for the desc tag would stop searching there. Probably not a security problem, but definitely a bug.

Problem #4: Fixes potential incorrect display of the xstatus string that could result in an incorrect message being displayed to the libpurple user. Happens because we are reusing the 'xml' string when preparing the string for the user, but we copy values from xml to xml. If those values overlap with themselves or with each other then an incorrect value could be displayed. Probably not a security problem, but definitely a bug.
author Mark Doliner <mark@kingant.net>
date Wed, 21 Jul 2010 02:49:23 +0000
parents 542b75da206e
children c4d512212ae2
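
The four fixes described in the commit message above, sketched as an added example; this is not the Pidgin patch or libpurple code. The names `extract_between` and `tag_is` are hypothetical and the sample XML is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not libpurple's code): return a malloc'd copy of the
 * text between open_tag and close_tag, or NULL if the element is incomplete. */
static char *extract_between(const char *xml, const char *open_tag,
                             const char *close_tag)
{
    const char *start, *end;
    char *out;
    size_t len;

    if (xml == NULL || (start = strstr(xml, open_tag)) == NULL)
        return NULL;
    start += strlen(open_tag);

    /* Problem #2: look for the closing tag only after the opening tag. */
    end = strstr(start, close_tag);
    if (end == NULL)            /* Problem #1: unterminated element */
        return NULL;

    /* Problems #3 and #4: xml is const and never modified; the value is
     * copied into a fresh buffer, so later searches and copies are unaffected. */
    len = (size_t)(end - start);
    if ((out = malloc(len + 1)) == NULL)
        return NULL;
    memcpy(out, start, len);
    out[len] = '\0';
    return out;
}

/* Returns 1 if the extracted value equals expected (NULL means "no value"). */
static int tag_is(const char *xml, const char *open_tag, const char *close_tag,
                  const char *expected)
{
    char *got = extract_between(xml, open_tag, close_tag);
    int ok = (got == NULL || expected == NULL) ? (got == NULL && expected == NULL)
                                               : strcmp(got, expected) == 0;
    free(got);
    return ok;
}

int main(void)
{
    /* Constructed sample: <desc> has no closing tag. */
    const char *xml = "<title>Busy</title><desc>In a meeting";
    printf("title ok: %d, desc absent: %d\n",
           tag_is(xml, "<title>", "</title>", "Busy"),
           tag_is(xml, "<desc>", "</desc>", NULL));
    return 0;
}
```
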

Pidgin and Finch: The Pimpin' Penguin IM Clients That're Good for the Soul
==========================================================================

For a complete list of all contributors, see the COPYRIGHT file.

We've got an IRC room now too, #pidgin on irc.freenode.net. Come check us out.

Current Developers:
------------------

Daniel 'datallah' Atallah - Developer
Paul 'darkrain42' Aurich - Developer
John 'rekkanoryo' Bailey - Developer
Ethan 'Paco-Paco' Blanton - Developer
Thomas Butter - Developer
Ka-Hing Cheung - Developer
Sadrul Habib Chowdhury - Developer
Mark 'KingAnt' Doliner - Developer
Sean Egan - Developer
Casey Harkins - Developer
Gary 'grim' Kramlich - Developer
Richard 'rlaager' Laager - Developer
Sulabh 'sulabh_m' Mahajan - Developer
Richard 'wabz' Nelson - Developer
Christopher 'siege' O'Brien - Developer
Bartosz Oler - Developer
Etan 'deryni' Reisner - Developer
Tim 'marv' Ringenbach - Developer
Michael 'Maiku' Ruprecht - Developer, voice and video
Elliott 'QuLogic' Sales de Andrade - Developer
Luke 'LSchiere' Schierer - Support
Megan 'Cae' Schneider - support/QA
Evan Schoenberg - Developer
Kevin 'SimGuy' Stange - Developer & Webmaster
Will 'resiak' Thompson - Developer
Stu 'nosnilmot' Tomlinson - Developer
Nathan 'faceprint' Walp - Developer

Crazy Patch Writers:
-------------------
Marcus 'malu' Lundblad
Dennis 'EvilDennisR' Ristuccia
Peter 'Fmoo' Ruibal
Gabriel 'Nix' Schulhof
Jorge 'Masca' Villaseñor

Retired Developers:
------------------
Herman Bloggs - Win32 Port
Jim Duchek <jim@linuxpimps.com> - maintainer
Rob Flynn <gaim@robflynn.com> - maintainer
Adam Fritzler - libfaim maintainer
Christian 'ChipX86' Hammond - Developer & Webmaster
Syd Logan - hacker and designated driver [lazy bum]
Jim Seymour - XMPP developer
Mark Spencer <markster@marko.net> - original author
Eric Warmenhoven <eric@warmenhoven.org> - lead developer

Retired Crazy Patch Writers:
---------------------------
Felipe 'shx' Contreras
Decklin Foster
Peter 'Bleeter' Lawler
Robert 'Robot101' McQueen
Benjamin Miller

Artists:
-------
Hylke Bons - Icons

Other Contributions:
-------------------
Much thanks to Evan Martin <martine@cs.washington.edu> for writing 
GtkSpell <http://gtkspell.sourceforge.net> responsible for the 
"Highlight misspelled words" feature and for gtk-nativewin
<http://bunny.darktech.org/cvs/gtk-nativewin/> the default GTK+-2.0
engine originally used in our win32 port.

** ORIGINAL LOGO DESIGNED BY: Naru Sundar **

Peter Teichiman <peter@helixcode.com>
Larry Ewing 
Jeramey A. Crawford
	Thanks to these boys.  Peter and Larry managed to stomp
	out a large list of Mem Leaks.  Jeramey found the remaining
	ones and pointed me to those.  Props to the boys at
	Helix Code.  Thanks guys.

Nathan Walp
	A healthy amount of patches for the Jabber plugin

Neil Sanchala
	Wrote most of the Zephyr plugin

Arkadiusz Miskiewicz
	Wrote the Gadu-Gadu plugin
	
David Prater    <IM: dRaven43>          draven@tcsx.net   
	Log and Colour Button Images

Sébastien Carpe <IM: Seb Carpe>
	Base HTTP Proxy Support

Ari Pollak      <IM: Ari Pollak>	compwiz.dhs.org
	Resize conversation window patch   

Decklin Foster
	Many GUI improvements, other nifty additions and fixes

David <IM: CrazyDavy>
	The neato-bigger text box

S D Erle
	Writing a cool perl script to translate WinAIM lists to gaim

BMiller
	A good collection of stuff. %n for away messages, import winaim
	lists, pic/text/pic+text for buttons, among others

Lance Rocker
	Improved HTML formatting in logs, plus lots of debugging on *BSD.

ergofobe:
	GNOME Url handler patch

Justin M. Ward <justin@yossman.net>:
	Alphabetical Away Messages patch

G. Sumner Hayes <IM: SumnerFool> Security Patches

Brian Ryner for a little make file patch :)

Ryan C. Gordon - I still think you look like Silent Bob.

Elliot Tobin <elliot@bha.udel.edu>

Thanks to Jeroen van der Vegt for the initial smiley plugin and images.

The OpenQ Team
	Wrote the QQ plugin (see AUTHORS in the qq directory)