pidgin/android/libpurple

Fix a crash in Sametime when a malicious server sends us an abnormally
release-2.x.y
2013-02-11, Mark Doliner
c31cf8de31cd
Parents 879db2a9a59c
Children ad7e7fb98db3
Fix a crash in Sametime when a malicious server sends us an abnormally
long user ID.

This is CVE-2013-0273.

The problem was detected by Coverity static analysis and fixed by
Daniel Atallah.
2 files changed, 5 insertions(+), 1 deletions(-)
  • +4 -0
    ChangeLog
  • +1 -1
    libpurple/protocols/sametime/sametime.c
    • --- a/ChangeLog Mon Feb 11 01:09:30 2013 -0800
    +++ b/ChangeLog Mon Feb 11 01:11:47 2013 -0800
    @@ -55,6 +55,10 @@
    * Increase the maximum file size that can be transferred to 1 MB.
    * When setting an avatar image, no longer downscale it to 96x96.
    + Sametime:
    + * Fix a crash in Sametime when a malicious server sends us an abnormally
    + long user ID. (CVE-2013-0273)
    +
    Yahoo!:
    * Fix a double-free in profile/picture loading code. (Mihai Serban)
    (#15053)
    --- a/libpurple/protocols/sametime/sametime.c Mon Feb 11 01:09:30 2013 -0800
    +++ b/libpurple/protocols/sametime/sametime.c Mon Feb 11 01:11:47 2013 -0800
    @@ -4977,7 +4977,7 @@
    data. wtf? */
    static char buf[BUF_LEN];
    - strncpy(buf, id, sizeof(buf));
    + g_strlcpy(buf, id, sizeof(buf));
    return buf;
    }