changeset
Merged in EionRobb/security/EionRobb/fix-for-crash-when-sending-invalid-xml-e-1487474010880 (pull request #15)
Wed, 01 Mar 2017 03:13:00 +0000
- author
- Gary Kramlich <grim@reaperworld.com>
- date
- Wed, 01 Mar 2017 03:13:00 +0000
- branch
- release-2.x.y
- changeset 38227
- e85451478ebe
- parent 38224
- d51eda86db9e (diff)
- parent 38226
- b2fc9e774cb9 (current diff)
- child 38228
- 018fa8075345
Merged in EionRobb/security/EionRobb/fix-for-crash-when-sending-invalid-xml-e-1487474010880 (pull request #15)
Fix for crash when sending invalid xml entities separated by whitespace, eg "&# 3000;"
Approved-by: Gary Kramlich
Approved-by: dx
--- a/libpurple/plugins/ssl/ssl-nss.c Mon Feb 20 21:05:32 2017 +0000 +++ b/libpurple/plugins/ssl/ssl-nss.c Wed Mar 01 03:13:00 2017 +0000 @@ -1010,6 +1010,7 @@ { CERTCertificate *crt_dat; PRTime nss_activ, nss_expir; + SECStatus cert_times_success; g_return_val_if_fail(crt, FALSE); g_return_val_if_fail(crt->scheme == &x509_nss, FALSE); @@ -1019,10 +1020,9 @@ /* Extract the times into ugly PRTime thingies */ /* TODO: Maybe this shouldn't throw an error? */ - g_return_val_if_fail( - SECSuccess == CERT_GetCertTimes(crt_dat, - &nss_activ, &nss_expir), - FALSE); + cert_times_success = CERT_GetCertTimes(crt_dat, + &nss_activ, &nss_expir); + g_return_val_if_fail(cert_times_success == SECSuccess, FALSE); /* NSS's native PRTime type *almost* corresponds to time_t; however, it measures *microseconds* since the epoch, not seconds. Hence
