pidgin/android/libpurple2

MXit: Ealier versions of GLib may cause purple_base64_decode() to return NULL.
release-2.x.y
2013-03-06, Andrew Victor
9eb08b587d95
Parents 094a4b10e8d5
Children 5c8caea5bd66a92df44dceb3
MXit: Ealier versions of GLib may cause purple_base64_decode() to return NULL.
The local user could crash Pidgin by modifying the UserId when adding a
contact via search-results.

Thanks to Fabian Yamaguchi and Christian Wressnegger of the University of Goettingen for finding the issue.
2 files changed, 6 insertions(+), 2 deletions(-)
  • +2 -0
    libpurple/protocols/mxit/formcmds.c
  • +4 -2
    libpurple/protocols/mxit/roster.c
    • --- a/libpurple/protocols/mxit/formcmds.c Tue Mar 05 15:36:12 2013 +0200
    +++ b/libpurple/protocols/mxit/formcmds.c Wed Mar 06 13:26:27 2013 +0200
    @@ -412,6 +412,8 @@
    /* base64 decode the image data */
    rawimg = purple_base64_decode(tmp, &rawimglen);
    + if (!rawimg)
    + return;
    /* save it to a file */
    dir = g_build_filename(purple_user_dir(), "mxit", "imagestrips", NULL);
    --- a/libpurple/protocols/mxit/roster.c Tue Mar 05 15:36:12 2013 +0200
    +++ b/libpurple/protocols/mxit/roster.c Wed Mar 06 13:26:27 2013 +0200
    @@ -750,8 +750,10 @@
    if ( buddy_name[0] == '#' ) {
    gchar *tmp = (gchar*) purple_base64_decode( buddy_name + 1, NULL );
    - mxit_send_invite( session, tmp, FALSE, buddy_alias, group_name, message );
    - g_free( tmp );
    + if ( tmp ) {
    + mxit_send_invite( session, tmp, FALSE, buddy_alias, group_name, message );
    + g_free( tmp );
    + }
    }
    else
    mxit_send_invite( session, buddy_name, TRUE, buddy_alias, group_name, message );