# HG changeset patch # User John Bailey # Date 1299808815 0 # Node ID d88f3153170bfc13bfa285dba8538752cc1544c6 # Parent 9d32376fb157ed3683d913d330b96bddd8ff0309 Fix CVE-2011-1091, improper handling of malformed YMSG packets cause NULL pointer dereferences, leading to denial of service. diff -r 9d32376fb157 -r d88f3153170b libpurple/protocols/yahoo/libymsg.c --- a/libpurple/protocols/yahoo/libymsg.c Fri Mar 11 01:56:51 2011 +0000 +++ b/libpurple/protocols/yahoo/libymsg.c Fri Mar 11 02:00:15 2011 +0000 @@ -842,7 +842,7 @@ break; } - if (*stat == '1') + if (stat && *stat == '1') serv_got_typing(gc, fed_from, 0, PURPLE_TYPING); else serv_got_typing_stopped(gc, fed_from); @@ -864,7 +864,7 @@ yahoo_friend_set_game(f, NULL); - if (*stat == '1') { + if (stat && *stat == '1') { yahoo_friend_set_game(f, game); if (bud) yahoo_update_status(gc, from, f); @@ -922,6 +922,11 @@ l = l->next; } + if(!sms) { + purple_debug_info("yahoo", "Received a malformed SMS packet!\n"); + return; + } + if( (pkt->status == -1) || (pkt->status == YAHOO_STATUS_DISCONNECTED) ) { if (server_msg) { PurpleConversation *c;
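Review bot: in the hunk at @@ -842,7, a NULL `stat` now falls through to the `else` branch, so a malformed typing notification is handled as a valid "typing stopped" event through `serv_got_typing_stopped(gc, fed_from)`. Consider treating a missing `stat` as a malformed packet and bailing out with a debug message, as the SMS hunk does, instead of folding it into the else case. `fed_from` is passed to both calls and no check on it is visible in this context, so it is worth confirming it cannot be NULL for the same kind of packet.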
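Review bot: in the hunk at @@ -864,7, the new `stat &&` guard comes after `yahoo_friend_set_game(f, NULL);`, so a packet with no status field still clears the buddy's game state before the check is reached. If a missing `stat` means the packet is malformed, test for it before that call and log the drop so it is visible when debugging. The guard also does not cover `game`, which is passed to `yahoo_friend_set_game(f, game)` when `stat` is '1'; a short comment saying whether NULL is acceptable there would help the next reader.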
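Review bot: in the hunk at @@ -922,6, the new `if(!sms)` block logs with `purple_debug_info` and returns; a malformed packet received from the network fits `purple_debug_warning` better, so it stands out from routine traffic in the debug log. The early `return` sits directly after the list loop that ends at `l = l->next;`, so please confirm nothing collected in that loop needs to be released before leaving the function. `server_msg` is only tested further down under the `pkt->status` check, and a one-line comment above the new block stating which missing field makes the packet malformed would document the intent.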