changeset
Fix a potential null pointer dereference in the MSN protocol, discovered
Tue, 07 Jun 2011 08:13:59 +0000
- author
- Mark Doliner <markdoliner@pidgin.im>
- date
- Tue, 07 Jun 2011 08:13:59 +0000
- changeset 31852
- 2b305d5e6d5e
- parent 31851
- 8bce7b3c5fbe
- child 31853
- f2e8718c9dfa
Fix a potential null pointer dereference in the MSN protocol, discovered
by Marius Wachtler and reported to security@pidgin.im on March 22nd.
This one is kinda rare, and requires someone to perform a man-in-the-middle
attack in order to cause the crash. So we're not going to go through the
CVE process for it (at least... probably not).
| libpurple/protocols/msn/httpconn.c | file | annotate | diff | comparison | revisions |
--- a/libpurple/protocols/msn/httpconn.c Tue Jun 07 07:42:56 2011 +0000 +++ b/libpurple/protocols/msn/httpconn.c Tue Jun 07 08:13:59 2011 +0000 @@ -217,7 +217,7 @@ g_free(tmp); - t = strchr(full_session_id, '.'); + t = full_session_id ? strchr(full_session_id, '.') : NULL; if (t != NULL) session_id = g_strndup(full_session_id, t - full_session_id); else {
