| commit | ea1047c843bc2d1061915c00ec69645ef414b8d3 | |
| author | Mark Doliner <markdoliner@pidgin.im> | |
| Tue, 6 Dec 2011 06:40:23 +0000 (6 06:40 +0000) | ||
| committer | Mark Doliner <markdoliner@pidgin.im> | |
| Tue, 6 Dec 2011 06:40:23 +0000 (6 06:40 +0000) | ||
| tree | 0304c7773e431d829c2ba873e0de2cf9c7c1c66a | treesnapshot (tar.gz zip) |
| parent | 3f783b22ba0938528c5133b4a0bd106d7bd24589 | commitdiff |
Fix remotely-triggerable crashes by validating strings in a few
messages related to buddy list management. Fixes #14682
I changed the four functions that parse incoming authorization-related
SNACs. The changes are:
- Make sure we have a buddy name and it is valid UTF-8. If not, we
drop the SNAC and log a debug message (we can't do much with an empty,
invalid or incorrect buddy name). This wasn't a part of the bug
report and I doubt it's actually a problem, but it seems like a good
idea regardless.
- If the incoming message is not valid UTF-8 then use
purple_utf8_salvage() to replace invalid bytes with question marks. I
believe this fixes the bug in question.
--HG--
branch : release-2.x.y
extra : convert_revision : 757272a78a8ca6027d518e614712c3399e34dda3
messages related to buddy list management. Fixes #14682
I changed the four functions that parse incoming authorization-related
SNACs. The changes are:
- Make sure we have a buddy name and it is valid UTF-8. If not, we
drop the SNAC and log a debug message (we can't do much with an empty,
invalid or incorrect buddy name). This wasn't a part of the bug
report and I doubt it's actually a problem, but it seems like a good
idea regardless.
- If the incoming message is not valid UTF-8 then use
purple_utf8_salvage() to replace invalid bytes with question marks. I
believe this fixes the bug in question.
--HG--
branch : release-2.x.y
extra : convert_revision : 757272a78a8ca6027d518e614712c3399e34dda3
| ChangeLog | diffblobblamehistory | |
| libpurple/protocols/oscar/family_feedbag.c | diffblobblamehistory |