Menu
▾
▴
[Gaim-devel] Gaim 0.59.8 buffer overflows
|
From: Christof M. <cm...@we...> - 2003-03-01 09:49:28
|
Hi, there seem to be some buffer overflows in Gaim 0.59.x when receiving large messages containing URLs. In src/server.c a buffer for the received message is allocated using: g_malloc(MAX(strlen(message) + 1, BUF_LONG)); But if the message is larger than BUF_LONG only "strlen(message) + 1" bytes are allocated. The buffer overflow then occurs in util.c:linkify_text if the message contains URLs as plain text. bye, Christof -- http://cmeerw.org JID: cm...@ja... mailto cmeerw at web.de |
