pidgin/ljfisher-ssl-client-auth

Fix CVE-2011-1091, improper handling of malformed YMSG packets cause NULL

2011-03-11, John Bailey
3efb6fbae94a
Parents 2cb15e661252
Children e5eac36bfec0
Fix CVE-2011-1091, improper handling of malformed YMSG packets cause NULL
pointer dereferences, leading to denial of service.
1 files changed, 7 insertions(+), 2 deletions(-)
  • +7 -2
    libpurple/protocols/yahoo/libymsg.c
    • --- a/libpurple/protocols/yahoo/libymsg.c Fri Mar 11 01:56:51 2011 +0000
    +++ b/libpurple/protocols/yahoo/libymsg.c Fri Mar 11 02:00:15 2011 +0000
    @@ -842,7 +842,7 @@
    break;
    }
    - if (*stat == '1')
    + if (stat && *stat == '1')
    serv_got_typing(gc, fed_from, 0, PURPLE_TYPING);
    else
    serv_got_typing_stopped(gc, fed_from);
    @@ -864,7 +864,7 @@
    yahoo_friend_set_game(f, NULL);
    - if (*stat == '1') {
    + if (stat && *stat == '1') {
    yahoo_friend_set_game(f, game);
    if (bud)
    yahoo_update_status(gc, from, f);
    @@ -922,6 +922,11 @@
    l = l->next;
    }
    + if(!sms) {
    + purple_debug_info("yahoo", "Received a malformed SMS packet!\n");
    + return;
    + }
    +
    if( (pkt->status == -1) || (pkt->status == YAHOO_STATUS_DISCONNECTED) ) {
    if (server_msg) {
    PurpleConversation *c;