Fix CVE-2011-1091, improper handling of malformed YMSG packets cause NULL
authorJohn Bailey <rekkanoryo@rekkanoryo.org>
Fri, 11 Mar 2011 02:00:15 +0000
changeset3efb6fbae94a pushlog
parent 2cb15e661252
child e5eac36bfec0
Fix CVE-2011-1091, improper handling of malformed YMSG packets causes NULL
pointer dereferences, leading to denial of service.
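--- a/libpurple/protocols/yahoo/libymsg.c
+++ b/libpurple/protocols/yahoo/libymsg.c
@@ -842,7 +842,7 @@
 				break;
 		}
 
-		if (*stat == '1')
+		if (stat && *stat == '1')
 			serv_got_typing(gc, fed_from, 0, PURPLE_TYPING);
 		else
 			serv_got_typing_stopped(gc, fed_from);
@@ -864,7 +864,7 @@
 
 		yahoo_friend_set_game(f, NULL);
 
-		if (*stat == '1') {
+		if (stat && *stat == '1') {
 			yahoo_friend_set_game(f, game);
 			if (bud)
 				yahoo_update_status(gc, from, f);
@@ -922,6 +922,11 @@
 		l = l->next;
 	}
 
+	if(!sms) {
+		purple_debug_info("yahoo", "Received a malformed SMS packet!\n");
+		return;
+	}
+
 	if( (pkt->status == -1) || (pkt->status == YAHOO_STATUS_DISCONNECTED) ) {
 		if (server_msg) {
 			PurpleConversation *c;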
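Review bot: The two `stat` guards (before `serv_got_typing` and before `yahoo_friend_set_game(f, game)`) make a packet with no status field indistinguishable from one that reports "stopped". The first falls into `serv_got_typing_stopped(gc, fed_from)` and the second leaves the game cleared by the `yahoo_friend_set_game(f, NULL)` call just above, and neither logs anything. The `sms` check in the third hunk logs and returns instead; doing the same here would make malformed packets visible during triage, e.g. `if (!stat) purple_debug_info("yahoo", "Received a malformed notify packet (no status)!\n");` ahead of each test. Whether `fed_from`, `from` and `game` can also be NULL at these points cannot be seen from the hunks, because the enclosing functions start and end outside them, so they are worth checking against the same malformed-packet case.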