qulogic/pidgin

Merge TALOS-CAN-0118
release-2.x.y
2016-06-12, Gary Kramlich
5077da39b6de
Merge TALOS-CAN-0118
--- a/ChangeLog Sun Jun 12 21:57:32 2016 -0500
+++ b/ChangeLog Sun Jun 12 22:02:24 2016 -0500
@@ -20,6 +20,8 @@
Talos. (TALOS-CAN-0140)
* Fixed a remote out-of-band read. Discovered by Yves Younan of Cisco
Talos. (TALOS-CAN-0138, TALOS-CAN-0135)
+ * Fixed an invalid read. Discovered by Yves Younan of Cisco Talos
+ (TALOS-CAN-0118)
version 2.10.12 (12/31/15):
General:
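Review bot: The new ChangeLog entry omits the period after "Cisco Talos" that the neighbouring entries place before the advisory id ("... of Cisco Talos. (TALOS-CAN-0138, TALOS-CAN-0135)"); add it so the list stays consistent. "Fixed an invalid read" also gives no hint of the affected component. Since the code change in this commit is in libpurple/protocols/mxit/protocol.c, naming MXit in the entry would let users judge whether the fix applies to them.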
--- a/libpurple/protocols/mxit/protocol.c Sun Jun 12 21:57:32 2016 -0500
+++ b/libpurple/protocols/mxit/protocol.c Sun Jun 12 22:02:24 2016 -0500
@@ -2775,8 +2775,9 @@
/* the end of the length record found */
session->rx_lbuf[session->rx_i] = '\0';
session->rx_res = atoi( &session->rx_lbuf[3] );
- if ( session->rx_res > CP_MAX_PACKET ) {
+ if ( ( session->rx_res <= 0 ) || ( session->rx_res > CP_MAX_PACKET ) ) {
purple_connection_error( session->con, _( "A connection error occurred to MXit. (read stage 0x03)" ) );
+ return;
}
session->rx_state = RX_STATE_DATA;
session->rx_i = 0;
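Review bot: The tightened bounds check still tests a value produced by `atoi( &session->rx_lbuf[3] )`, one line above it, and atoi cannot report a parse failure and has undefined behaviour when the digit string does not fit in an int. A non-numeric length record is caught only because atoi returns 0 and the new `<= 0` arm rejects it, and an oversized digit string is not guaranteed to fall outside 1..CP_MAX_PACKET. Consider parsing with strtol, checking errno and the end pointer, and applying this same range test to the long result before assigning it to session->rx_res. The `<= 0` arm also depends on rx_res being a signed type, which is not visible in this hunk and is worth confirming. The added `return;` is the important part of the fix, since without it the code fell through to RX_STATE_DATA with the rejected length; a short comment saying so would help keep it from being removed later.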