135679 – CAN-2004-0891 MSN protocol buffer overflow.

Bug 135679 - CAN-2004-0891 MSN protocol buffer overflow.

Summary: CAN-2004-0891 MSN protocol buffer overflow.

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	gaim
Sub Component:
Version:	2
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Daniel Reed
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2004-10-14 12:20 UTC by Josh Bressers
Modified:	2007-11-30 22:10 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2004-10-31 08:50:16 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Josh Bressers 2004-10-14 12:20:20 UTC

Buffer overflow when receiving unexpected sequence of MSNSLP messages
Affected code: src/protocols/msn/slplink.c memcpy was used without
checking the size of the buffer before copying to it.  Additionally, a
logic flaw was causing the wrong buffer to be used as the destination
for the copy under certain circumstances.

This issue affects gaim 0.79-1.0.1

Comment 1 Josh Bressers 2004-10-19 18:04:00 UTC

Public, removing embargo.

Comment 2 Warren Togami 2004-10-21 02:07:16 UTC

This is fixed in gaim-1.0.1-1.FC3 shipping in FC3 final.  I am testing
and preparing gaim-1.0.2 for FC2 and FC3 updates now.

Comment 3 Warren Togami 2004-10-21 02:18:50 UTC

Crap... the security update for gaim was rejected from FC3 final. 
1.0.2 update coming immediately.

Comment 4 Warren Togami 2004-10-31 08:50:16 UTC

This security update has subsequently made FC3 final, and issued as
1.0.2 to FC2.

Note You need to log in before you can comment on or make changes to this bug.