diff options
author | Paul Aurich <darkrain42@pidgin.im> | 2009-05-02 21:09:37 +0000 |
---|---|---|
committer | Paul Aurich <darkrain42@pidgin.im> | 2009-05-02 21:09:37 +0000 |
commit | 583582a735bb8d52baea9cfa8b34faabbb1edea1 (patch) | |
tree | a040718213dfc314f8f6e12308d323c7c1ccd568 | |
parent | 3784747c0cf17ffc51ea5da99280967e3980baa3 (diff) | |
download | pidgin-583582a735bb8d52baea9cfa8b34faabbb1edea1.tar.gz |
*** Plucked rev 9dd1c4c3 (khc@pidgin.im):
Fixes a buffer overflow in the ZDI-08-054 report
-rw-r--r-- | libpurple/protocols/msn/slplink.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/libpurple/protocols/msn/slplink.c b/libpurple/protocols/msn/slplink.c index d292c9940f..372135b15a 100644 --- a/libpurple/protocols/msn/slplink.c +++ b/libpurple/protocols/msn/slplink.c @@ -493,7 +493,7 @@ msn_slplink_process_msg(MsnSlpLink *slplink, MsnMessage *msg) { MsnSlpMessage *slpmsg; const char *data; - gsize offset; + guint64 offset; gsize len; #ifdef MSN_DEBUG_SLP @@ -565,6 +565,7 @@ msn_slplink_process_msg(MsnSlpLink *slplink, MsnMessage *msg) if (slpmsg->buffer == NULL) { purple_debug_error("msn", "Failed to allocate buffer for slpmsg\n"); + msn_slpmsg_destroy(slpmsg); return; } } |