From: <the...@us...> - 2006-08-12 10:59:16
Revision: 16717 Author: thekingant Date: 2006-08-12 03:59:13 -0700 (Sat, 12 Aug 2006) ViewCVS: http://svn.sourceforge.net/gaim/?rev=16717&view=rev Log Message: ----------- Fix a bug reported by Jon Oberheide. If there is an extra either 1 or 3 bytes on an incoming oscar message then our ICBM parser gets into an infinite loop. This could open be caused by a malicious server or a man-in-the-middle. Modified Paths: -------------- trunk/src/protocols/oscar/family_icbm.c Modified: trunk/src/protocols/oscar/family_icbm.c =================================================================== --- trunk/src/protocols/oscar/family_icbm.c 2006-08-12 10:30:30 UTC (rev 16716) +++ trunk/src/protocols/oscar/family_icbm.c 2006-08-12 10:59:13 UTC (rev 16717) @@ -1588,7 +1588,7 @@ * I've changed it to process the TLVs in-place. This avoids lots * of per-IM memory allocations. */ - while (byte_stream_empty(bs)) + while (byte_stream_empty(bs) >= 4) { type = byte_stream_get16(bs); length = byte_stream_get16(bs); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
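Review bot: The new loop condition `byte_stream_empty(bs) >= 4` only guarantees room for the 4-byte TLV header consumed by the two `byte_stream_get16(bs)` calls. Nothing in the visible lines bounds `length` against the bytes still left in the stream after that header. Please confirm that the loop body, which is outside this hunk, checks `length` against `byte_stream_empty(bs)` before it consumes the value. A short comment stating that 4 is the combined size of the type and length fields would make the constant self-explanatory. With this condition, 1 to 3 trailing bytes end the loop unparsed; if nothing after the loop reports them, a debug log at that point would make malformed or tampered messages visible instead of silently accepted.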