Mxit: fix a possible segfault, refs VRT-2013-1002 release-2.x.y
authorTomasz Wasilczyk <twasilczyk@pidgin.im>
Thu, 09 Jan 2014 21:45:33 +0100
branchrelease-2.x.y
changeset4c897372b5a4 pushlog
parent ec15aa187aa0
child 188b3b588b6d
Mxit: fix a possible segfault, refs VRT-2013-1002
libpurple/protocols/mxit/markup.c
      1.1 --- a/libpurple/protocols/mxit/markup.c
      1.2 +++ b/libpurple/protocols/mxit/markup.c
      1.3 @@ -203,7 +203,8 @@
      1.4   */
      1.5  static int asn_getUtf8( const gchar* data, gchar type, char** utf8 )
      1.6  {
      1.7 -	int		len;
      1.8 +	unsigned int len;
      1.9 +	gchar *out_str;
     1.10  
     1.11  	/* validate the field type [1 byte] */
     1.12  	if ( data[0] != type ) {
     1.13 @@ -212,10 +213,17 @@
     1.14  		return -1;
     1.15  	}
     1.16  
     1.17 -	len = data[1];						/* length field [1 bytes] */
     1.18 -	*utf8 = g_malloc( len + 1 );
     1.19 -	memcpy( *utf8, &data[2], len );		/* data field */
     1.20 -	(*utf8)[len] = '\0';
     1.21 +	len = (uint8_t)data[1]; /* length field [1 byte] */
     1.22 +	out_str = g_malloc(len + 1);
     1.23 +	if (out_str == NULL) {
     1.24 +		purple_debug_fatal(MXIT_PLUGIN_ID, "asn_getUtf8: out of memory");
     1.25 +		return -1;
     1.26 +	}
     1.27 +
     1.28 +	memcpy(out_str, &data[2], len); /* data field */
     1.29 +	out_str[len] = '\0';
     1.30 +
     1.31 +	*utf8 = out_str;
     1.32  
     1.33  	return ( len + 2 );
     1.34  }