pidgin/pidgin

Fix a possible information leak when prepping XMPP JIDs.
release-2.x.y
2014-10-13, Mark Doliner
ea46ab68f0dc
Parents c890736a8d5a
Children 5c2b82c2873d
Fix a possible information leak when prepping XMPP JIDs.

Discovered and fixed by Thijs Alkemade and Paul Aurich and reported
to us privately on our security@pidgin.im mailing list.
--- a/ChangeLog Mon Oct 13 23:06:08 2014 -0700
+++ b/ChangeLog Mon Oct 13 23:47:37 2014 -0700
@@ -45,6 +45,11 @@
(CVE-2014-NNNN)
XMPP:
+ * Fix potential information leak where a malicious XMPP server and
+ possibly even a malicious remote user could create a carefully crafted
+ XMPP message that causes libpurple to send an XMPP message containing
+ arbitrary memory. (Discovered and fixed by Thijs Alkemade and Paul
+ Aurich) (CVE-2014-NNNN)
* Fix Facebook XMPP roster quirks. (#15041, #15957)
Yahoo:
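Review bot: The added XMPP entry ends with the placeholder "(CVE-2014-NNNN)", the same unfilled identifier that appears on the context line above it, so both need the assigned number before this ChangeLog ships. The entry also says nothing about where the leak occurs; the commit message ties it to JID preparation, and a few words to that effect would help downstream packagers match the entry to the jutil.c change.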
--- a/libpurple/protocols/jabber/jutil.c Mon Oct 13 23:06:08 2014 -0700
+++ b/libpurple/protocols/jabber/jutil.c Mon Oct 13 23:47:37 2014 -0700
@@ -81,10 +81,10 @@
if (slash) {
domain_len = slash - str;
- resource = slash;
+ resource = slash + 1;
resource_len = null - (slash + 1);
} else {
- domain_len = null - (str + 1);
+ domain_len = null - str;
}
}
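Review bot: In the `if (slash)` branch, `slash + 1` is now written twice, once for `resource` and once inside `resource_len = null - (slash + 1)`; computing the length from the pointer (`resource_len = null - resource;`) would keep the pair consistent by construction, which is exactly the kind of pointer/length mismatch the removed line had. When the slash is the last character, `resource` equals `null` and `resource_len` is 0, and nothing in the visible lines rejects that, so it is worth confirming a later check handles an empty resource. A local named `null` is easy to misread beside `NULL`; `end` would be clearer. Since both fixes are off-by-one corrections on attacker-supplied JIDs, a regression test covering a bare domain, `domain/resource` and a trailing slash should accompany the change.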
@@ -126,6 +126,8 @@
jid = NULL;
goto out;
}
+
+ jid->domain = g_strndup(domain, domain_len);
} else {
/* Apply nameprep */
if (stringprep_nameprep(idn_buffer, sizeof(idn_buffer)) != STRINGPREP_OK) {
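Review bot: The added `jid->domain = g_strndup(domain, domain_len);` has no comment explaining why this branch copies from the raw `domain` pointer while the `else` branch works on `idn_buffer`; one line stating that would make the asymmetry intentional rather than surprising. The copy is only as safe as `domain_len`, so it depends on the length fix earlier in this file, and that dependency deserves a mention too. Please also confirm that nothing after the if/else assigns `jid->domain` again on this path, since that would leak the `g_strndup` allocation.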