pidgin/ljfisher-ssl-client-auth

Fix a potential null pointer dereference in the MSN protocol, discovered

2011-06-07, Mark Doliner
2b305d5e6d5e
Parents 8bce7b3c5fbe
Children f2e8718c9dfa
Fix a potential null pointer dereference in the MSN protocol, discovered
by Marius Wachtler and reported to security@pidgin.im on March 22nd.

This one is kinda rare, and requires someone to perform a man-in-the-middle
attack in order to cause the crash. So we're not going to go through the
CVE process for it (at least... probably not).
1 files changed, 1 insertions(+), 1 deletions(-)
  • +1 -1
    libpurple/protocols/msn/httpconn.c
    • --- a/libpurple/protocols/msn/httpconn.c Tue Jun 07 07:42:56 2011 +0000
    +++ b/libpurple/protocols/msn/httpconn.c Tue Jun 07 08:13:59 2011 +0000
    @@ -217,7 +217,7 @@
    g_free(tmp);
    - t = strchr(full_session_id, '.');
    + t = full_session_id ? strchr(full_session_id, '.') : NULL;
    if (t != NULL)
    session_id = g_strndup(full_session_id, t - full_session_id);
    else {