Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:Alexander_Naumov:SLE-12:Update
pidgin
pidgin-CVE-2014-3698
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File pidgin-CVE-2014-3698 of Package pidgin
# HG changeset patch # User Mark Doliner <mark@kingant.net> # Date 1413269257 25200 # Mon Oct 13 23:47:37 2014 -0700 # Branch release-2.x.y # Node ID ea46ab68f0dc5286e8b3c5620fe31898c769caff # Parent c890736a8d5a70e3caf5c6205eadb70065db6cbb Fix a possible information leak when preping XMPP JIDs. Discovered and fixed by Thijs Alkemade and Paul Aurich and reported to us privately on our security@pidgin.im mailing list. diff -r c890736a8d5a -r ea46ab68f0dc libpurple/protocols/jabber/jutil.c --- a/libpurple/protocols/jabber/jutil.c Mon Oct 13 23:06:08 2014 -0700 +++ b/libpurple/protocols/jabber/jutil.c Mon Oct 13 23:47:37 2014 -0700 @@ -81,10 +81,10 @@ if (slash) { domain_len = slash - str; - resource = slash; + resource = slash + 1; resource_len = null - (slash + 1); } else { - domain_len = null - (str + 1); + domain_len = null - str; } } @@ -126,6 +126,8 @@ jid = NULL; goto out; } + + jid->domain = g_strndup(domain, domain_len); } else { /* Apply nameprep */ if (stringprep_nameprep(idn_buffer, sizeof(idn_buffer)) != STRINGPREP_OK) {
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor