diff options
-rw-r--r-- | ChangeLog | 2 | ||||
-rw-r--r-- | NEWS | 2 | ||||
-rw-r--r-- | libpurple/protocols/bonjour/bonjour_ft.c | 6 | ||||
-rw-r--r-- | libpurple/protocols/jabber/oob.c | 5 | ||||
-rw-r--r-- | libpurple/protocols/msn/slp.c | 2 |
5 files changed, 12 insertions, 5 deletions
@@ -2,6 +2,8 @@ Pidgin and Finch: The Pimpin' Penguin IM Clients That're Good for the Soul version 2.5.9 (08/18/2009): * Fix a crash via a specially crafted MSN message (CVE-2009-2694). + * Fix a crash in Bonjour, MSN, and XMPP when trying to transfer files with + NULL names. version 2.5.8 (06/27/2009): ICQ: @@ -4,7 +4,7 @@ Our development blog is available at: http://planet.pidgin.im 2.5.9 (08/18/2009): John: This release is just a crash fix release to address a security - issue reported to us by CORE. + issue reported to us by CORE and a couple crashes Elliott found. 2.5.8 (06/27/2009): John: This release is another somewhat rushed bugfix release to fix diff --git a/libpurple/protocols/bonjour/bonjour_ft.c b/libpurple/protocols/bonjour/bonjour_ft.c index effc93163b..c38fdb88d1 100644 --- a/libpurple/protocols/bonjour/bonjour_ft.c +++ b/libpurple/protocols/bonjour/bonjour_ft.c @@ -448,9 +448,11 @@ xep_si_parse(PurpleConnection *pc, xmlnode *packet, PurpleBuddy *pb) /* TODO: Make sure that it is advertising a bytestreams transfer */ - bonjour_xfer_receive(pc, id, sid, pb->name, filesize, filename, XEP_BYTESTREAMS); + if (filename) { + bonjour_xfer_receive(pc, id, sid, pb->name, filesize, filename, XEP_BYTESTREAMS); - parsed_receive = TRUE; + parsed_receive = TRUE; + } } if (!parsed_receive) { diff --git a/libpurple/protocols/jabber/oob.c b/libpurple/protocols/jabber/oob.c index e43bf5c3ec..7e1b88e41a 100644 --- a/libpurple/protocols/jabber/oob.c +++ b/libpurple/protocols/jabber/oob.c @@ -207,7 +207,10 @@ void jabber_oob_parse(JabberStream *js, xmlnode *packet) { url = xmlnode_get_data(urlnode); jox = g_new0(JabberOOBXfer, 1); - purple_url_parse(url, &jox->address, &jox->port, &jox->page, NULL, NULL); + if (!purple_url_parse(url, &jox->address, &jox->port, &jox->page, NULL, NULL)) { + g_free(url); + return; + } g_free(url); jox->js = js; jox->headers = g_string_new(""); diff --git a/libpurple/protocols/msn/slp.c b/libpurple/protocols/msn/slp.c index ba6451a494..7ab7a8cc5b 100644 --- a/libpurple/protocols/msn/slp.c +++ b/libpurple/protocols/msn/slp.c @@ -363,7 +363,7 @@ got_sessionreq(MsnSlpCall *slpcall, const char *branch, g_free(bin); - purple_xfer_set_filename(xfer, file_name); + purple_xfer_set_filename(xfer, file_name ? file_name : ""); g_free(file_name); purple_xfer_set_size(xfer, file_size); purple_xfer_set_init_fnc(xfer, msn_xfer_init); |