qulogic/pidgin

Merged TALOS-CAN-0139
release-2.x.y
2016-06-12, Gary Kramlich
8943e2d16d5a
Parents 34d56e0586c4285e174ab39c
Children 43aa3fab2883
Merged TALOS-CAN-0139
2 files changed, 8 insertions(+), 0 deletions(-)
  • +2 -0
    ChangeLog
  • +6 -0
    libpurple/protocols/mxit/protocol.c
    • --- a/ChangeLog Sun Jun 12 22:26:39 2016 -0500
    +++ b/ChangeLog Sun Jun 12 22:28:11 2016 -0500
    @@ -41,6 +41,8 @@
    Talos. (TALOS-CAN-0142)
    * Fixed a remote denial of service vulnerability in contact mood
    handling. Discovered by Yves Younan of Cisco Talos (TALOS-CAN-0141)
    + * Fixed a remote out-of-bounds write vulnerability. Discovered by Yves
    + Younan of Cisco Talos. (TALOS-CAN-0139)
    version 2.10.12 (12/31/15):
    General:
    --- a/libpurple/protocols/mxit/protocol.c Sun Jun 12 22:26:39 2016 -0500
    +++ b/libpurple/protocols/mxit/protocol.c Sun Jun 12 22:28:11 2016 -0500
    @@ -1840,6 +1840,12 @@
    /* set the count for attributes */
    count = atoi( records[0]->fields[1]->data );
    + /* ensure the packet has the correct number of fields */
    + if ( records[0]->fcount < ( 2 + ( count * 3 ) ) ) {
    + purple_debug_error( MXIT_PLUGIN_ID, "Insufficient number of fields in extprofile response. fields=%i records=%i", records[0]->fcount, count );
    + return;
    + }
    +
    for ( i = 0; i < count; i++ ) {
    char* fname;
    char* fvalue;