Mxit: fix a possible segfault, refs VRT-2013-1002 release-2.x.y
authorTomasz Wasilczyk <twasilczyk@pidgin.im>
Thu, 09 Jan 2014 21:45:33 +0100
branchrelease-2.x.y
changeset4c897372b5a4 pushlog
parent ec15aa187aa0
child 188b3b588b6d
Mxit: fix a possible segfault, refs VRT-2013-1002
libpurple/protocols/mxit/markup.c
     1.1 --- a/libpurple/protocols/mxit/markup.c
     1.2 +++ b/libpurple/protocols/mxit/markup.c
     1.3 @@ -203,7 +203,8 @@
     1.4   */
     1.5  static int asn_getUtf8( const gchar* data, gchar type, char** utf8 )
     1.6  {
     1.7 -	int		len;
     1.8 +	unsigned int len;
     1.9 +	gchar *out_str;
    1.10  
    1.11  	/* validate the field type [1 byte] */
    1.12  	if ( data[0] != type ) {
    1.13 @@ -212,10 +213,17 @@
    1.14  		return -1;
    1.15  	}
    1.16  
    1.17 -	len = data[1];						/* length field [1 bytes] */
    1.18 -	*utf8 = g_malloc( len + 1 );
    1.19 -	memcpy( *utf8, &data[2], len );		/* data field */
    1.20 -	(*utf8)[len] = '\0';
    1.21 +	len = (uint8_t)data[1]; /* length field [1 byte] */
    1.22 +	out_str = g_malloc(len + 1);
    1.23 +	if (out_str == NULL) {
    1.24 +		purple_debug_fatal(MXIT_PLUGIN_ID, "asn_getUtf8: out of memory");
    1.25 +		return -1;
    1.26 +	}
    1.27 +
    1.28 +	memcpy(out_str, &data[2], len); /* data field */
    1.29 +	out_str[len] = '\0';
    1.30 +
    1.31 +	*utf8 = out_str;
    1.32  
    1.33  	return ( len + 2 );
    1.34  }