Mercurial > pidgin
changeset 31341:d88f3153170b
Fix CVE-2011-1091, improper handling of malformed YMSG packets cause NULL
pointer dereferences, leading to denial of service.
author | John Bailey <rekkanoryo@rekkanoryo.org> |
---|---|
date | Fri, 11 Mar 2011 02:00:15 +0000 |
parents | 9d32376fb157 |
children | f9cd24db04dd |
files | libpurple/protocols/yahoo/libymsg.c |
diffstat | 1 files changed, 7 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/libpurple/protocols/yahoo/libymsg.c Fri Mar 11 01:56:51 2011 +0000 +++ b/libpurple/protocols/yahoo/libymsg.c Fri Mar 11 02:00:15 2011 +0000 @@ -842,7 +842,7 @@ break; } - if (*stat == '1') + if (stat && *stat == '1') serv_got_typing(gc, fed_from, 0, PURPLE_TYPING); else serv_got_typing_stopped(gc, fed_from); @@ -864,7 +864,7 @@ yahoo_friend_set_game(f, NULL); - if (*stat == '1') { + if (stat && *stat == '1') { yahoo_friend_set_game(f, game); if (bud) yahoo_update_status(gc, from, f); @@ -922,6 +922,11 @@ l = l->next; } + if(!sms) { + purple_debug_info("yahoo", "Received a malformed SMS packet!\n"); + return; + } + if( (pkt->status == -1) || (pkt->status == YAHOO_STATUS_DISCONNECTED) ) { if (server_msg) { PurpleConversation *c;