From: Mark Doliner <mark@ki...> - 2006-08-12 11:01:23
On Sat, 12 Aug 2006 03:46:26 -0400, Jon Oberheide wrote
> While constructing arbitrary AIM messaging packets, I came across a
> packet that causes Gaim to become unresponsive and fully consume CPU
> The output from `gaim -d` just has this line repeated over and over:
> oscar: incomingim_ch1: unknown TLV 0x0000 (len 0)
> It appears that a TLV of length 0 inside an incoming ICMB will cause
> Gaim to get caught in a loop and hang. While such a TLV is unlikely
> to ever be generated by an AIM server, it is possible to rewrite the
> packet on the way to its destination causing a denial of service.
> Attached is a packet capture of the offending packet.
Awesome, thanks. This should be fixed now in both HEAD and the v2_0_0 in SVN.
Do you think you could test it out for me to verify? I don't have an easy
way to reproduce this. Thanks!
Get latest updates about Open Source Projects, Conferences and News.