pidgin/pidgin
Clone
Summary
Browse
Changes
Graph
Merged TALOS-CAN-0142
release-2.x.y
2016-06-12, Gary Kramlich
048d46315e91
Parents
5ae57760ca10
0ee892d194e3
Children
34d56e0586c4
Merged TALOS-CAN-0142
2 files changed, 3 insertions(+), 1 deletions(-)
+2
-0
ChangeLog
+1
-1
libpurple/protocols/mxit/multimx.c
--- a/ChangeLog Sun Jun 12 22:17:08 2016 -0500
+++ b/ChangeLog Sun Jun 12 22:22:06 2016 -0500
@@ -37,6 +37,8 @@
Cisco Talos. (TALOS-CAN-0136)
* Fixed a remote NULL pointer dereference. Discovered by Yves Younan of
Cisco Talos (TALOS-CAN-0137)
+ * Fixed a remote code execution issue discovered by Yves Younan of Cisco
+ Talos. (TALOS-CAN-0142)
version 2.10.12 (12/31/15):
General:
--- a/libpurple/protocols/mxit/multimx.c Sun Jun 12 22:17:08 2016 -0500
+++ b/libpurple/protocols/mxit/multimx.c Sun Jun 12 22:22:06 2016 -0500
@@ -360,7 +360,7 @@
unsigned int i;
for (i = 1; i < strlen(msg); i++) { /* search for end of nickname */
- if (msg[i] == '>') {
+ if ((msg[i] == '>') && (msg[i+1] == '\n')) {
msg[i] = '\0';
g_free(mx->from);
mx->from = g_strdup(&msg[1]);
