Merged TALOS-CAN-0142

author: Gary Kramlich <grim@reaperworld.com> 2016-06-12 22:22:06 -0500
committer: Gary Kramlich <grim@reaperworld.com> 2016-06-12 22:22:06 -0500
commit: 31f30a5ad1fb651cf2b69206100a722b8e5ab690 (patch)
tree: 3f6c2da7d6a6fe19b100d91fd0bb4b0662f2cc5e
parent: 0fd7d75e85fcbff309783e7cbffb99329c520d01 (diff)
parent: 7b8c88a6504c11610ea7dfec9bc5caefd6cf53ad (diff)
download: pidgin-31f30a5ad1fb651cf2b69206100a722b8e5ab690.tar.gz
2 files changed, 3 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index 27767b1548..47ee15963a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -37,6 +37,8 @@ version 2.10.13 (MM/DD/YY):
 	  Cisco Talos.  (TALOS-CAN-0136)
 	* Fixed a remote NULL pointer dereference.  Discovered by Yves Younan of
 	  Cisco Talos (TALOS-CAN-0137)
+	* Fixed a remote code execution issue discovered by Yves Younan of Cisco
+	  Talos.  (TALOS-CAN-0142)
 
 version 2.10.12 (12/31/15):
 	General:
diff --git a/libpurple/protocols/mxit/multimx.c b/libpurple/protocols/mxit/multimx.c
index 606fe40253..d21c60e5d6 100644
--- a/libpurple/protocols/mxit/multimx.c
+++ b/libpurple/protocols/mxit/multimx.c
@@ -360,7 +360,7 @@ void multimx_message_received(struct RXMsgData* mx, char* msg, int msglen, short
 		unsigned int i;
 
 		for (i = 1; i < strlen(msg); i++) {		/* search for end of nickname */
-			if (msg[i] == '>') {
+			if ((msg[i] == '>') && (msg[i+1] == '\n')) {
 				msg[i] = '\0';
 				g_free(mx->from);
 				mx->from = g_strdup(&msg[1]);
author	Gary Kramlich <grim@reaperworld.com>	2016-06-12 22:22:06 -0500
committer	Gary Kramlich <grim@reaperworld.com>	2016-06-12 22:22:06 -0500
commit	31f30a5ad1fb651cf2b69206100a722b8e5ab690 (patch)
tree	3f6c2da7d6a6fe19b100d91fd0bb4b0662f2cc5e
parent	0fd7d75e85fcbff309783e7cbffb99329c520d01 (diff)
parent	7b8c88a6504c11610ea7dfec9bc5caefd6cf53ad (diff)
download	pidgin-31f30a5ad1fb651cf2b69206100a722b8e5ab690.tar.gz