
pidgin-2.6.6-11.el5.4.src.rpm

diff -up pidgin-2.6.6/libpurple/ntlm.c.CVE-2010-3711 pidgin-2.6.6/libpurple/ntlm.c
--- pidgin-2.6.6/libpurple/ntlm.c.CVE-2010-3711	2010-02-16 04:34:06.000000000 -0500
+++ pidgin-2.6.6/libpurple/ntlm.c	2010-10-19 17:09:08.342393608 -0400
@@ -152,9 +152,14 @@ purple_ntlm_parse_type2(const gchar *typ
 	static guint8 nonce[8];
 
 	tmsg = (struct type2_message*)purple_base64_decode(type2, &retlen);
-	memcpy(nonce, tmsg->nonce, 8);
-	if (flags != NULL)
-		*flags = GUINT16_FROM_LE(tmsg->flags);
+	if (tmsg != NULL && retlen >= (sizeof(struct type2_message) - 1)) {
+		memcpy(nonce, tmsg->nonce, 8);
+		if (flags != NULL)
+			*flags = GUINT16_FROM_LE(tmsg->flags);
+	} else {
+		purple_debug_error("ntlm", "Unable to parse type2 message - returning empty nonce.\n");
+		memset(nonce, 0, 8);
+	}
 	g_free(tmsg);
 
 	return nonce;
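Review bot: On the new failure branch `*flags` is never written, so a caller that passed a `flags` pointer reads whatever it held before the call; adding `if (flags != NULL) *flags = 0;` to the `else` keeps that output defined. The caller also cannot tell a parse failure from a real challenge, because both paths return the same static `nonce` buffer, so authentication presumably continues with an all-zero challenge unless the caller checks elsewhere. The `- 1` in `sizeof(struct type2_message) - 1` needs a comment saying which trailing member it discounts (the struct is declared outside the hunk), and `sizeof(nonce)` would be safer than the literal `8` in the `memcpy` and `memset` calls. The function body starts above this hunk.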
diff -up pidgin-2.6.6/libpurple/plugins/perl/common/Util.xs.CVE-2010-3711 pidgin-2.6.6/libpurple/plugins/perl/common/Util.xs
--- pidgin-2.6.6/libpurple/plugins/perl/common/Util.xs.CVE-2010-3711	2010-02-16 04:34:06.000000000 -0500
+++ pidgin-2.6.6/libpurple/plugins/perl/common/Util.xs	2010-10-19 17:09:08.342393608 -0400
@@ -238,7 +238,7 @@ purple_base16_decode(str)
 	guchar *ret;
 	CODE:
 		ret = purple_base16_decode(str, &len);
-		if(len) {
+		if(ret && len > 0) {
 			RETVAL = newSVpv((gchar *)ret, len);
 		} else {
 			g_free(ret);
@@ -256,7 +256,7 @@ purple_base64_decode(str)
 	guchar *ret;
 	CODE:
 		ret = purple_base64_decode(str, &len);
-		if(len) {
+		if(ret && len > 0) {
 			RETVAL = newSVpv((gchar *)ret, len);
 		} else {
 			g_free(ret);
diff -up pidgin-2.6.6/libpurple/protocols/jabber/auth_digest_md5.c.CVE-2010-3711 pidgin-2.6.6/libpurple/protocols/jabber/auth_digest_md5.c
--- pidgin-2.6.6/libpurple/protocols/jabber/auth_digest_md5.c.CVE-2010-3711	2010-02-16 04:34:06.000000000 -0500
+++ pidgin-2.6.6/libpurple/protocols/jabber/auth_digest_md5.c	2010-10-19 17:09:08.348393539 -0400
@@ -182,7 +182,9 @@ digest_md5_handle_challenge(JabberStream
 
 	dec_in = (char *)purple_base64_decode(enc_in, NULL);
 	purple_debug_misc("jabber", "decoded challenge (%"
-			G_GSIZE_FORMAT "): %s\n", strlen(dec_in), dec_in);
+			G_GSIZE_FORMAT "): %s\n",
+			dec_in != NULL ? strlen(dec_in) : 0,
+			dec_in != NULL  ? dec_in : "(null)");
 
 	parts = parse_challenge(dec_in);
 
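Review bot: `dec_in` can still be NULL when it reaches `parse_challenge(dec_in)` right after the corrected log call, because the patch guards only the `strlen` and `%s` arguments. Unless `parse_challenge` rejects NULL itself (its body is not in this hunk), a failed decode should end challenge handling before that call, with an `if (dec_in == NULL)` branch placed directly after `purple_base64_decode` that reports an invalid challenge. The handler starts and ends outside the hunk, so the correct failure return and cleanup are not visible here.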
diff -up pidgin-2.6.6/libpurple/protocols/msn/slp.c.CVE-2010-3711 pidgin-2.6.6/libpurple/protocols/msn/slp.c
--- pidgin-2.6.6/libpurple/protocols/msn/slp.c.CVE-2010-3711	2010-02-16 04:34:06.000000000 -0500
+++ pidgin-2.6.6/libpurple/protocols/msn/slp.c	2010-10-19 17:44:22.733409625 -0400
@@ -399,30 +399,33 @@ got_sessionreq(MsnSlpCall *slpcall, cons
 		if (xfer)
 		{
 			bin = (char *)purple_base64_decode(context, &bin_len);
-			file_size = GUINT32_FROM_LE(*(gsize *)(bin + 8));
+			if (bin)
+			{
+				file_size = GUINT32_FROM_LE(*(gsize *)(bin + 8));
 
-			file_name = g_convert(bin + 20, MAX_FILE_NAME_LEN, "UTF-8", "UTF-16LE",
-			                      NULL, NULL, NULL);
+				file_name = g_convert(bin + 20, MAX_FILE_NAME_LEN, "UTF-8", "UTF-16LE",
+						      NULL, NULL, NULL);
 
-			g_free(bin);
+				g_free(bin);
 
-			purple_xfer_set_filename(xfer, file_name ? file_name : "");
-			g_free(file_name);
-			purple_xfer_set_size(xfer, file_size);
-			purple_xfer_set_init_fnc(xfer, msn_xfer_init);
-			purple_xfer_set_request_denied_fnc(xfer, msn_xfer_cancel);
-			purple_xfer_set_cancel_recv_fnc(xfer, msn_xfer_cancel);
-			purple_xfer_set_read_fnc(xfer, msn_xfer_read);
-			purple_xfer_set_write_fnc(xfer, msn_xfer_write);
+				purple_xfer_set_filename(xfer, file_name ? file_name : "");
+				g_free(file_name);
+				purple_xfer_set_size(xfer, file_size);
+				purple_xfer_set_init_fnc(xfer, msn_xfer_init);
+				purple_xfer_set_request_denied_fnc(xfer, msn_xfer_cancel);
+				purple_xfer_set_cancel_recv_fnc(xfer, msn_xfer_cancel);
+				purple_xfer_set_read_fnc(xfer, msn_xfer_read);
+				purple_xfer_set_write_fnc(xfer, msn_xfer_write);
 
-			slpcall->u.incoming_data = g_byte_array_new();
+				slpcall->u.incoming_data = g_byte_array_new();
 
-			slpcall->xfer = xfer;
-			purple_xfer_ref(slpcall->xfer);
+				slpcall->xfer = xfer;
+				purple_xfer_ref(slpcall->xfer);
 
-			xfer->data = slpcall;
+				xfer->data = slpcall;
 
-			purple_xfer_request(xfer);
+				purple_xfer_request(xfer);
+			}
 		}
 
 		accepted = TRUE;
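Review bot: The new `if (bin)` guard rejects a failed decode but never consults `bin_len`, so a short peer-supplied context still lets `bin + 8` and the `MAX_FILE_NAME_LEN`-byte `g_convert` at `bin + 20` read past the decoded buffer. The size read also dereferences a `gsize *`, which is eight bytes wide on x86_64 and not guaranteed to be aligned at `bin + 8`, although only 32 bits are kept. The sketch below bounds both reads by `bin_len`; the offsets 8 and 20 are taken from the visible lines, so the real minimum context length should be confirmed against the protocol layout. When `bin` is NULL the transfer is never set up, yet `accepted = TRUE` is still reached; whether `xfer` is released on that path is outside the hunk.
```c
			if (bin && bin_len >= 20)
			{
				guint32 size_le;

				/* Copy exactly four bytes: bin + 8 need not be aligned for a wider load. */
				memcpy(&size_le, bin + 8, sizeof(size_le));
				file_size = GUINT32_FROM_LE(size_le);

				/* Never convert more bytes than the decoded buffer actually holds. */
				file_name = g_convert(bin + 20, MIN(MAX_FILE_NAME_LEN, bin_len - 20),
						      "UTF-8", "UTF-16LE", NULL, NULL, NULL);
				/* … unchanged: g_free(bin), xfer setup and purple_xfer_request … */
			}
```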
diff -up pidgin-2.6.6/libpurple/protocols/myspace/message.c.CVE-2010-3711 pidgin-2.6.6/libpurple/protocols/myspace/message.c
--- pidgin-2.6.6/libpurple/protocols/myspace/message.c.CVE-2010-3711	2010-02-16 04:34:06.000000000 -0500
+++ pidgin-2.6.6/libpurple/protocols/myspace/message.c	2010-10-19 17:09:08.346393561 -0400
@@ -1363,7 +1363,7 @@ msim_msg_get_binary_from_element(MsimMes
 			 *
 			 */
 			*binary_data = (gchar *)purple_base64_decode((const gchar *)elem->data, binary_length);
-			return TRUE;
+			return ((*binary_data) != NULL);
 
 		case MSIM_TYPE_BINARY:
 			gs = (GString *)elem->data;
diff -up pidgin-2.6.6/libpurple/protocols/oscar/clientlogin.c.CVE-2010-3711 pidgin-2.6.6/libpurple/protocols/oscar/clientlogin.c
--- pidgin-2.6.6/libpurple/protocols/oscar/clientlogin.c.CVE-2010-3711	2010-10-19 17:08:33.360798037 -0400
+++ pidgin-2.6.6/libpurple/protocols/oscar/clientlogin.c	2010-10-19 17:09:08.347393550 -0400
@@ -259,7 +259,7 @@ static void start_oscar_session_cb(Purpl
 	char *tls_certname = NULL;
 	unsigned short port;
 	guint8 *cookiedata;
-	gsize cookiedata_len;
+	gsize cookiedata_len = 0;
 
 	od = user_data;
 	gc = od->gc;
diff -up pidgin-2.6.6/libpurple/protocols/qq/im.c.CVE-2010-3711 pidgin-2.6.6/libpurple/protocols/qq/im.c
--- pidgin-2.6.6/libpurple/protocols/qq/im.c.CVE-2010-3711	2010-02-16 04:34:06.000000000 -0500
+++ pidgin-2.6.6/libpurple/protocols/qq/im.c	2010-10-19 17:09:08.344393584 -0400
@@ -547,7 +547,6 @@ qq_im_format *qq_im_fmt_new_by_purple(co
 	const gchar *start, *end, *last;
 	GData *attribs;
 	gchar *tmp;
-	unsigned char *rgb;
 
 	g_return_val_if_fail(msg != NULL, NULL);
 
@@ -570,8 +569,11 @@ qq_im_format *qq_im_fmt_new_by_purple(co
 
 		tmp = g_datalist_get_data(&attribs, "color");
 		if (tmp && strlen(tmp) > 1) {
-			rgb = purple_base16_decode(tmp + 1, NULL);
-			g_memmove(fmt->rgb, rgb, 3);
+			unsigned char *rgb;
+			gsize rgb_len;
+			rgb = purple_base16_decode(tmp + 1, &rgb_len);
+			if (rgb != NULL && rgb_len >= 3)
+				g_memmove(fmt->rgb, rgb, 3);
 			g_free(rgb);
 		}
 
diff -up pidgin-2.6.6/libpurple/protocols/yahoo/libymsg.c.CVE-2010-3711 pidgin-2.6.6/libpurple/protocols/yahoo/libymsg.c
--- pidgin-2.6.6/libpurple/protocols/yahoo/libymsg.c.CVE-2010-3711	2010-02-16 04:34:06.000000000 -0500
+++ pidgin-2.6.6/libpurple/protocols/yahoo/libymsg.c	2010-10-19 17:09:08.338393653 -0400
@@ -317,7 +317,7 @@ static void yahoo_process_status(PurpleC
 
 			if (pair->value) {
 				decoded = purple_base64_decode(pair->value, &len);
-				if (len) {
+				if (decoded && len > 0) {
 					tmp = purple_str_binary_to_ascii(decoded, len);
 					purple_debug_info("yahoo", "Got key 197, value = %s\n", tmp);
 					g_free(tmp);
@@ -2781,15 +2781,17 @@ static void yahoo_process_p2p(PurpleConn
 	if (base64) {
 		guint32 ip;
 		YahooFriend *f;
-		char *host_ip;
+		char *host_ip, *tmp;
 		struct yahoo_p2p_data *p2p_data;
 
 		decoded = purple_base64_decode(base64, &len);
-		if (len) {
-			char *tmp = purple_str_binary_to_ascii(decoded, len);
-			purple_debug_info("yahoo", "Got P2P service packet (from server): who = %s, ip = %s\n", who, tmp);
-			g_free(tmp);
+		if (decoded == NULL) {
+			purple_debug_info("yahoo","p2p: Unable to decode base64 IP (%s) \n", base64);
+			return;
 		}
+		tmp = purple_str_binary_to_ascii(decoded, len);
+		purple_debug_info("yahoo", "Got P2P service packet (from server): who = %s, ip = %s\n", who, tmp);
+		g_free(tmp);
 
 		ip = strtol((gchar *)decoded, NULL, 10);
 		g_free(decoded);
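Review bot: The rewritten branch in `yahoo_process_p2p` drops the old `len` test, so a decode that returns a non-NULL buffer with `len == 0` now reaches `purple_str_binary_to_ascii(decoded, len)` and the `%s` log with whatever that returns for a zero length. Keeping both conditions avoids this: `if (decoded == NULL || len == 0) { g_free(decoded); ... return; }`, where the `g_free` covers the empty-but-allocated case. Separately, `strtol((gchar *)decoded, NULL, 10)` is stored into a `guint32` with no end-pointer or range check, so a non-numeric or out-of-range server value silently becomes an IP. Parsing with an `endptr` and rejecting anything that is not a complete in-range number would close that gap. The function starts and continues outside this hunk, so any other cleanup the early `return` needs is not visible.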