Fix a crash in Sametime when a malicious server sends us an abnormally release-2.x.y
authorMark Doliner <mark@kingant.net>
Mon, 11 Feb 2013 01:11:47 -0800
branchrelease-2.x.y
changesetc31cf8de31cd pushlog
parent 879db2a9a59c
child ad7e7fb98db3
Fix a crash in Sametime when a malicious server sends us an abnormally
long user ID.

This is CVE-2013-0273.

The problem was detected by Coverity static analysis and fixed by
Daniel Atallah.
ChangeLog
libpurple/protocols/sametime/sametime.c
      1.1 --- a/ChangeLog
      1.2 +++ b/ChangeLog
      1.3 @@ -55,6 +55,10 @@
      1.4  	* Increase the maximum file size that can be transferred to 1 MB.
      1.5  	* When setting an avatar image, no longer downscale it to 96x96.
      1.6  
      1.7 +	Sametime:
      1.8 +	* Fix a crash in Sametime when a malicious server sends us an abnormally
      1.9 +	  long user ID. (CVE-2013-0273)
     1.10 +
     1.11  	Yahoo!:
     1.12  	* Fix a double-free in profile/picture loading code. (Mihai Serban)
     1.13  	  (#15053)
      2.1 --- a/libpurple/protocols/sametime/sametime.c
      2.2 +++ b/libpurple/protocols/sametime/sametime.c
      2.3 @@ -4977,7 +4977,7 @@
      2.4       data. wtf? */
      2.5  
      2.6    static char buf[BUF_LEN];
      2.7 -  strncpy(buf, id, sizeof(buf));
      2.8 +  g_strlcpy(buf, id, sizeof(buf));
      2.9    return buf;
     2.10  }
     2.11