Fix crashes when filenames end up being NULL in some prpls. release-2.5.9 v2.5.9

Sun, 16 Aug 2009 19:30:54 +0000

author: Elliott Sales de Andrade <qulogic@pidgin.im>
date: Sun, 16 Aug 2009 19:30:54 +0000
branch: release-2.5.9
changeset: 25794:3ef2ec3fc4d3
parent: 25793:520f63cb3e3e
child: 28208:93777295d480

Fix crashes when filenames end up being NULL in some prpls.


committer: John Bailey <rekkanoryo@rekkanoryo.org>

Files changed:
ChangeLog
NEWS
libpurple/protocols/bonjour/bonjour_ft.c
libpurple/protocols/jabber/oob.c
libpurple/protocols/msn/slp.c

--- a/ChangeLog	Fri Aug 14 23:36:10 2009 +0000
+++ b/ChangeLog	Sun Aug 16 19:30:54 2009 +0000
@@ -2,6 +2,8 @@
 
 version 2.5.9 (08/18/2009):
 	* Fix a crash via a specially crafted MSN message (CVE-2009-2694).
+	* Fix a crash in Bonjour, MSN, and XMPP when trying to transfer files with
+	  NULL names.
 
 version 2.5.8 (06/27/2009):
 	ICQ:
--- a/NEWS	Fri Aug 14 23:36:10 2009 +0000
+++ b/NEWS	Sun Aug 16 19:30:54 2009 +0000
@@ -4,7 +4,7 @@
 
 2.5.9 (08/18/2009):
 	John:  This release is just a crash fix release to address a security
-	issue reported to us by CORE.
+	issue reported to us by CORE and a couple crashes Elliott found.
 
 2.5.8 (06/27/2009):
 	John:  This release is another somewhat rushed bugfix release to fix
--- a/libpurple/protocols/bonjour/bonjour_ft.c	Fri Aug 14 23:36:10 2009 +0000
+++ b/libpurple/protocols/bonjour/bonjour_ft.c	Sun Aug 16 19:30:54 2009 +0000
@@ -448,9 +448,11 @@
 
 				/* TODO: Make sure that it is advertising a bytestreams transfer */
 
-				bonjour_xfer_receive(pc, id, sid, pb->name, filesize, filename, XEP_BYTESTREAMS);
+				if (filename) {
+					bonjour_xfer_receive(pc, id, sid, pb->name, filesize, filename, XEP_BYTESTREAMS);
 
-				parsed_receive = TRUE;
+					parsed_receive = TRUE;
+				}
 			}
 
 			if (!parsed_receive) {
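Review bot: the new `if (filename)` guard drops a nameless offer without any trace, so in the logs it is indistinguishable from every other request that ends up in the `if (!parsed_receive)` block that follows. Consider an else branch with a debug message saying the offer carried no filename, plus a short comment that leaving `parsed_receive` FALSE is intentional so the fall-through path deals with the offer. The check also lets an empty string through; if `bonjour_xfer_receive` needs a non-empty name, test `filename && *filename` instead.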
--- a/libpurple/protocols/jabber/oob.c	Fri Aug 14 23:36:10 2009 +0000
+++ b/libpurple/protocols/jabber/oob.c	Sun Aug 16 19:30:54 2009 +0000
@@ -207,7 +207,10 @@
 	url = xmlnode_get_data(urlnode);
 
 	jox = g_new0(JabberOOBXfer, 1);
-	purple_url_parse(url, &jox->address, &jox->port, &jox->page, NULL, NULL);
+	if (!purple_url_parse(url, &jox->address, &jox->port, &jox->page, NULL, NULL)) {
+		g_free(url);
+		return;
+	}
 	g_free(url);
 	jox->js = js;
 	jox->headers = g_string_new("");
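Review bot: the early `return` in the new failure branch leaks `jox`, which is allocated by `g_new0(JabberOOBXfer, 1)` just above the `purple_url_parse` call and is not released before returning; only `url` is freed. Either add `g_free(jox);` next to `g_free(url);` in that branch, or parse into local variables first and allocate `jox` only once the parse has succeeded. If the parse can fail after filling some of its output pointers, `jox->address` and `jox->page` would need freeing as well. Nothing visible in this hunk tells the sender that the offer was rejected, so a comment or an error reply on that path would help.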
--- a/libpurple/protocols/msn/slp.c	Fri Aug 14 23:36:10 2009 +0000
+++ b/libpurple/protocols/msn/slp.c	Sun Aug 16 19:30:54 2009 +0000
@@ -363,7 +363,7 @@
 
 			g_free(bin);
 
-			purple_xfer_set_filename(xfer, file_name);
+			purple_xfer_set_filename(xfer, file_name ? file_name : "");
 			g_free(file_name);
 			purple_xfer_set_size(xfer, file_size);
 			purple_xfer_set_init_fnc(xfer, msn_xfer_init);
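Review bot: substituting `""` for a NULL `file_name` in the `purple_xfer_set_filename` call avoids the crash but lets the transfer continue with an empty name, whereas the Bonjour and XMPP hunks in this same changeset refuse the offer outright. Consider rejecting the request when `file_name` is NULL so the three protocols behave the same way, or add a comment explaining why an empty name is acceptable for MSN and what the user will see for such a transfer.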
