pidgin/pidgin

msn: prevent potential heap overflow when constructing a message to be sent
release-2.x.y
2013-11-09, Daniel Atallah
2a77da513a03
Parents 4180f5333fab
Children ec15aa187aa0
msn: prevent potential heap overflow when constructing a message to be sent

* Thanks goes to Matt Jones for noticing this
1 files changed, 3 insertions(+), 2 deletions(-)
  • +3 -2
    libpurple/protocols/msn/msg.c
    • --- a/libpurple/protocols/msn/msg.c Sat Nov 09 16:17:58 2013 -0500
    +++ b/libpurple/protocols/msn/msg.c Sat Nov 09 16:47:10 2013 -0500
    @@ -366,11 +366,12 @@
    n += strlen(n);
    }
    - n += g_strlcpy(n, "\r\n", end - n);
    + if ((end - n) > 2)
    + n += g_strlcpy(n, "\r\n", end - n);
    body = msn_message_get_bin_data(msg, &body_len);
    - if (body != NULL)
    + if (body != NULL && (end - n) > body_len)
    {
    memcpy(n, body, body_len);
    n += body_len;