--- a/libpurple/protocols/novell/nmevent.c Mon Apr 07 23:45:55 2014 -0700
+++ b/libpurple/protocols/novell/nmevent.c Tue Apr 08 00:31:25 2014 -0700
@@ -149,7 +149,7 @@
/* Read the conference guid */
rc = nm_read_uint32(conn, &size);
- if (size == MAX_UINT32) return NMERR_PROTOCOL;
+ if (size > 1000) return NMERR_PROTOCOL; guid = g_new0(char, size + 1);
@@ -164,7 +164,7 @@
/* Read the message text */
rc = nm_read_uint32(conn, &size);
- if (size == MAX_UINT32) return NMERR_PROTOCOL;
+ if (size > 100000) return NMERR_PROTOCOL; msg = g_new0(char, size + 1);
@@ -270,7 +270,7 @@
/* Read the conference guid */
rc = nm_read_uint32(conn, &size);
- if (size == MAX_UINT32) return NMERR_PROTOCOL;
+ if (size > 1000) return NMERR_PROTOCOL; guid = g_new0(char, size + 1);
@@ -280,7 +280,7 @@
/* Read the the message */
rc = nm_read_uint32(conn, &size);
- if (size == MAX_UINT32) return NMERR_PROTOCOL;
+ if (size > 100000) return NMERR_PROTOCOL; msg = g_new0(char, size + 1);
@@ -349,7 +349,7 @@
/* Read the conference guid */
rc = nm_read_uint32(conn, &size);
- if (size == MAX_UINT32) return NMERR_PROTOCOL;
+ if (size > 1000) return NMERR_PROTOCOL; guid = g_new0(char, size + 1);
@@ -401,7 +401,7 @@
/* Read the conference guid */
rc = nm_read_uint32(conn, &size);
- if (size == MAX_UINT32) return NMERR_PROTOCOL;
+ if (size > 1000) return NMERR_PROTOCOL; guid = g_new0(char, size + 1);
@@ -440,7 +440,7 @@
/* Read the conference guid */
rc = nm_read_uint32(conn, &size);
- if (size == MAX_UINT32) return NMERR_PROTOCOL;
+ if (size > 1000) return NMERR_PROTOCOL; guid = g_new0(char, size + 1);
@@ -490,7 +490,7 @@
/* Read the conference guid */
rc = nm_read_uint32(conn, &size);
- if (size == MAX_UINT32) return NMERR_PROTOCOL;
+ if (size > 1000) return NMERR_PROTOCOL; guid = g_new0(char, size + 1);
@@ -530,7 +530,7 @@
/* Read the conference guid */
rc = nm_read_uint32(conn, &size);
- if (size == MAX_UINT32) return NMERR_PROTOCOL;
+ if (size > 1000) return NMERR_PROTOCOL; guid = g_new0(char, size + 1);
@@ -589,7 +589,7 @@
/* Read the conference guid */
rc = nm_read_uint32(conn, &size);
- if (size == MAX_UINT32) return NMERR_PROTOCOL;
+ if (size > 1000) return NMERR_PROTOCOL; guid = g_new0(char, size + 1);
@@ -632,7 +632,7 @@
/* Read the status text */
rc = nm_read_uint32(conn, &size);
- if (size == MAX_UINT32) return NMERR_PROTOCOL;
+ if (size > 10000) return NMERR_PROTOCOL; text = g_new0(char, size + 1);
@@ -670,7 +670,7 @@
/* Read the conference guid */
rc = nm_read_uint32(conn, &size);
- if (size == MAX_UINT32) return NMERR_PROTOCOL;
+ if (size > 1000) return NMERR_PROTOCOL; guid = g_new0(char, size + 1);
@@ -833,7 +833,10 @@
/* Read the event source */
rc = nm_read_uint32(conn, &size);
+ /* Size is larger than our 1MB sanity check. Ignore it. */ source = g_new0(char, size);
rc = nm_read_all(conn, source, size);