summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--ChangeLog2
-rw-r--r--NEWS2
-rw-r--r--libpurple/protocols/bonjour/bonjour_ft.c6
-rw-r--r--libpurple/protocols/jabber/oob.c5
-rw-r--r--libpurple/protocols/msn/slp.c2
5 files changed, 12 insertions, 5 deletions
diff --git a/ChangeLog b/ChangeLog
index 869a833e2f..15fecca117 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,8 @@ Pidgin and Finch: The Pimpin' Penguin IM Clients That're Good for the Soul
version 2.5.9 (08/18/2009):
* Fix a crash via a specially crafted MSN message (CVE-2009-2694).
+ * Fix a crash in Bonjour, MSN, and XMPP when trying to transfer files with
+ NULL names.
version 2.5.8 (06/27/2009):
ICQ:
diff --git a/NEWS b/NEWS
index 06d510aefe..144b65c552 100644
--- a/NEWS
+++ b/NEWS
@@ -4,7 +4,7 @@ Our development blog is available at: http://planet.pidgin.im
2.5.9 (08/18/2009):
John: This release is just a crash fix release to address a security
- issue reported to us by CORE.
+ issue reported to us by CORE and a couple crashes Elliott found.
2.5.8 (06/27/2009):
John: This release is another somewhat rushed bugfix release to fix
diff --git a/libpurple/protocols/bonjour/bonjour_ft.c b/libpurple/protocols/bonjour/bonjour_ft.c
index effc93163b..c38fdb88d1 100644
--- a/libpurple/protocols/bonjour/bonjour_ft.c
+++ b/libpurple/protocols/bonjour/bonjour_ft.c
@@ -448,9 +448,11 @@ xep_si_parse(PurpleConnection *pc, xmlnode *packet, PurpleBuddy *pb)
/* TODO: Make sure that it is advertising a bytestreams transfer */
- bonjour_xfer_receive(pc, id, sid, pb->name, filesize, filename, XEP_BYTESTREAMS);
+ if (filename) {
+ bonjour_xfer_receive(pc, id, sid, pb->name, filesize, filename, XEP_BYTESTREAMS);
- parsed_receive = TRUE;
+ parsed_receive = TRUE;
+ }
}
if (!parsed_receive) {
diff --git a/libpurple/protocols/jabber/oob.c b/libpurple/protocols/jabber/oob.c
index e43bf5c3ec..7e1b88e41a 100644
--- a/libpurple/protocols/jabber/oob.c
+++ b/libpurple/protocols/jabber/oob.c
@@ -207,7 +207,10 @@ void jabber_oob_parse(JabberStream *js, xmlnode *packet) {
url = xmlnode_get_data(urlnode);
jox = g_new0(JabberOOBXfer, 1);
- purple_url_parse(url, &jox->address, &jox->port, &jox->page, NULL, NULL);
+ if (!purple_url_parse(url, &jox->address, &jox->port, &jox->page, NULL, NULL)) {
+ g_free(url);
+ return;
+ }
g_free(url);
jox->js = js;
jox->headers = g_string_new("");
diff --git a/libpurple/protocols/msn/slp.c b/libpurple/protocols/msn/slp.c
index ba6451a494..7ab7a8cc5b 100644
--- a/libpurple/protocols/msn/slp.c
+++ b/libpurple/protocols/msn/slp.c
@@ -363,7 +363,7 @@ got_sessionreq(MsnSlpCall *slpcall, const char *branch,
g_free(bin);
- purple_xfer_set_filename(xfer, file_name);
+ purple_xfer_set_filename(xfer, file_name ? file_name : "");
g_free(file_name);
purple_xfer_set_size(xfer, file_size);
purple_xfer_set_init_fnc(xfer, msn_xfer_init);
View Lorry Controller Status