Attachment 948789 Details for Bug 1154911 – patch from upstream

[patch] patch from upstream

CVE-2014-3698.diff (text/plain), 1.33 KB, created by Murray McAllister on 2014-10-21 03:25:24 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Murray McAllister

Created: 2014-10-21 03:25:24 UTC

Size: 1.33 KB

patch

obsolete

>diff -r c890736a8d5a -r ea46ab68f0dc ChangeLog
>--- a/ChangeLog	Mon Oct 13 23:06:08 2014 -0700
>+++ b/ChangeLog	Mon Oct 13 23:47:37 2014 -0700
>@@ -45,6 +45,11 @@ version 2.10.10 (10/22/14):
> 	  (CVE-2014-NNNN)
> 
> 	XMPP:
>+	* Fix potential information leak where a malicious XMPP server and
>+	  possibly even a malicious remote user could create a carefully crafted
>+	  XMPP message that causes libpurple to send an XMPP message containing
>+	  arbitrary memory. (Discovered and fixed by Thijs Alkemade and Paul
>+	  Aurich) (CVE-2014-NNNN)
> 	* Fix Facebook XMPP roster quirks. (#15041, #15957)
> 
> 	Yahoo:
>diff -r c890736a8d5a -r ea46ab68f0dc libpurple/protocols/jabber/jutil.c
>--- a/libpurple/protocols/jabber/jutil.c	Mon Oct 13 23:06:08 2014 -0700
>+++ b/libpurple/protocols/jabber/jutil.c	Mon Oct 13 23:47:37 2014 -0700
>@@ -81,10 +81,10 @@ jabber_idn_validate(const char *str, con
> 
> 		if (slash) {
> 			domain_len = slash - str;
>-			resource = slash;
>+			resource = slash + 1;
> 			resource_len = null - (slash + 1);
> 		} else {
>-			domain_len = null - (str + 1);
>+			domain_len = null - str;
> 		}
> 	}
> 
>@@ -126,6 +126,8 @@ jabber_idn_validate(const char *str, con
> 			jid = NULL;
> 			goto out;
> 		}
>+
>+		jid->domain = g_strndup(domain, domain_len);
> 	} else {
> 		/* Apply nameprep */
> 		if (stringprep_nameprep(idn_buffer, sizeof(idn_buffer)) != STRINGPREP_OK) {

Actions: View | Diff

Attachments on bug 1154911: 948789