*** Plucked rev 9dd1c4c3 (khc@pidgin.im):

Fixes a buffer overflow in the ZDI-08-054 report
author: Paul Aurich <darkrain42@pidgin.im> 2009-05-02 21:09:37 +0000
committer: Paul Aurich <darkrain42@pidgin.im> 2009-05-02 21:09:37 +0000
commit: 583582a735bb8d52baea9cfa8b34faabbb1edea1 (patch)
tree: a040718213dfc314f8f6e12308d323c7c1ccd568
parent: 3784747c0cf17ffc51ea5da99280967e3980baa3 (diff)
download: pidgin-583582a735bb8d52baea9cfa8b34faabbb1edea1.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/libpurple/protocols/msn/slplink.c b/libpurple/protocols/msn/slplink.c
index d292c9940f..372135b15a 100644
--- a/libpurple/protocols/msn/slplink.c
+++ b/libpurple/protocols/msn/slplink.c
@@ -493,7 +493,7 @@ msn_slplink_process_msg(MsnSlpLink *slplink, MsnMessage *msg)
 {
 	MsnSlpMessage *slpmsg;
 	const char *data;
-	gsize offset;
+	guint64 offset;
 	gsize len;
 
 #ifdef MSN_DEBUG_SLP
@@ -565,6 +565,7 @@ msn_slplink_process_msg(MsnSlpLink *slplink, MsnMessage *msg)
 			if (slpmsg->buffer == NULL)
 			{
 				purple_debug_error("msn", "Failed to allocate buffer for slpmsg\n");
+				msn_slpmsg_destroy(slpmsg);
 				return;
 			}
 		}
author	Paul Aurich <darkrain42@pidgin.im>	2009-05-02 21:09:37 +0000
committer	Paul Aurich <darkrain42@pidgin.im>	2009-05-02 21:09:37 +0000
commit	583582a735bb8d52baea9cfa8b34faabbb1edea1 (patch)
tree	a040718213dfc314f8f6e12308d323c7c1ccd568
parent	3784747c0cf17ffc51ea5da99280967e3980baa3 (diff)
download	pidgin-583582a735bb8d52baea9cfa8b34faabbb1edea1.tar.gz