Fix CVE-2011-1091, improper handling of malformed YMSG packets cause NULL
authorJohn Bailey <rekkanoryo@rekkanoryo.org>
Fri, 11 Mar 2011 02:00:15 +0000
changeset3efb6fbae94a pushlog
parent 2cb15e661252
child e5eac36bfec0
Fix CVE-2011-1091, improper handling of malformed YMSG packets cause NULL
pointer dereferences, leading to denial of service.
libpurple/protocols/yahoo/libymsg.c
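--- a/libpurple/protocols/yahoo/libymsg.c
+++ b/libpurple/protocols/yahoo/libymsg.c
@@ -842,7 +842,7 @@
 				break;
 		}
 
-		if (*stat == '1')
+		if (stat && *stat == '1')
 			serv_got_typing(gc, fed_from, 0, PURPLE_TYPING);
 		else
 			serv_got_typing_stopped(gc, fed_from);
@@ -864,7 +864,7 @@
 
 		yahoo_friend_set_game(f, NULL);
 
-		if (*stat == '1') {
+		if (stat && *stat == '1') {
 			yahoo_friend_set_game(f, game);
 			if (bud)
 				yahoo_update_status(gc, from, f);
@@ -922,6 +922,11 @@
 		l = l->next;
 	}
 
+	if(!sms) {
+		purple_debug_info("yahoo", "Received a malformed SMS packet!\n");
+		return;
+	}
+
 	if( (pkt->status == -1) || (pkt->status == YAHOO_STATUS_DISCONNECTED) ) {
 		if (server_msg) {
 			PurpleConversation *c;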
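Review bot: In the hunks at 842 and 864 a packet with no stat value now takes the same path as stat '0', so a malformed notify silently stops the buddy's typing indicator or leaves the game cleared, whereas the SMS hunk at 922 logs and returns. Treating the missing key as malformed in those two places as well would keep the handling consistent and leave a debug trace when someone is sending broken YMSG packets, e.g. `if (!stat) { purple_debug_info("yahoo", "Received a malformed notify packet!\n"); return; }` before the first use of stat. The enclosing functions start and end outside these hunks, so check against the full body whether an early return would skip any cleanup. It is also worth checking whether the other values filled in by the same parse loop (fed_from, game, from) can be NULL when they reach these calls.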