Fix a crash in Sametime when a malicious server sends us an abnormally
author: Mark Doliner <mark@kingant.net>
date: Mon, 11 Feb 2013 01:11:47 -0800
branch: release-2.x.y
changeset: c31cf8de31cd
parent: 879db2a9a59c
child: ad7e7fb98db3
Fix a crash in Sametime when a malicious server sends us an abnormally
long user ID.

This is CVE-2013-0273.

The problem was detected by Coverity static analysis and fixed by
Daniel Atallah.
ChangeLog
libpurple/protocols/sametime/sametime.c
     1.1 --- a/ChangeLog
     1.2 +++ b/ChangeLog
     1.3 @@ -55,6 +55,10 @@
     1.4  	* Increase the maximum file size that can be transferred to 1 MB.
     1.5  	* When setting an avatar image, no longer downscale it to 96x96.
     1.6  
     1.7 +	Sametime:
     1.8 +	* Fix a crash in Sametime when a malicious server sends us an abnormally
     1.9 +	  long user ID. (CVE-2013-0273)
    1.10 +
    1.11  	Yahoo!:
    1.12  	* Fix a double-free in profile/picture loading code. (Mihai Serban)
    1.13  	  (#15053)
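Review bot: The new Sametime entry carries no credit, while the neighbouring Yahoo! entry names its contributor in parentheses "(Mihai Serban)". The commit message says the problem was found by Coverity and fixed by Daniel Atallah, so the entry could follow the same convention and end with "(Daniel Atallah) (CVE-2013-0273)". The entry also describes the impact only as "a crash"; since the underlying defect is a string copy into a fixed-size buffer, naming the missing NUL termination would help packagers judge the severity.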
     2.1 --- a/libpurple/protocols/sametime/sametime.c
     2.2 +++ b/libpurple/protocols/sametime/sametime.c
     2.3 @@ -4977,7 +4977,7 @@
     2.4       data. wtf? */
     2.5  
     2.6    static char buf[BUF_LEN];
     2.7 -  strncpy(buf, id, sizeof(buf));
     2.8 +  g_strlcpy(buf, id, sizeof(buf));
     2.9    return buf;
    2.10  }
    2.11
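Review bot: The return value of g_strlcpy() on the changed line is ignored, so an over-long id is now silently truncated to fit buf. g_strlcpy() always NUL-terminates the destination, which closes the original problem: strncpy() leaves buf unterminated whenever id is sizeof(buf) bytes or longer, and the caller then reads past the end of the static buffer. But g_strlcpy() also returns the length of the source string, and a truncated user ID may compare equal to a different, shorter ID further up the stack. Consider checking `if (g_strlcpy(buf, id, sizeof(buf)) >= sizeof(buf))` and logging or rejecting the ID in that case. Separately, the function still returns a pointer to a static buffer, so each call overwrites the previous result; a comment stating that callers must copy the value before the next call would document that constraint.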