Mercurial > pidgin
diff libpurple/protocols/myspace/message.c @ 30616:943fce8ef142
Fix for CVE-2010-3711. Properly validate the return value from
purple_base64_decode() (the CVE issue) and purple_base16_decode() (just a bug).
Coincidentally, this should also fix #12614.
committer: John Bailey <rekkanoryo@rekkanoryo.org>
| author | Daniel Atallah <daniel.atallah@gmail.com> |
|---|---|
| date | Sun, 17 Oct 2010 03:55:04 +0000 |
| parents | df7705d4b19a |
| children |
line wrap: on
line diff
--- a/libpurple/protocols/myspace/message.c Sun Oct 17 03:40:26 2010 +0000 +++ b/libpurple/protocols/myspace/message.c Sun Oct 17 03:55:04 2010 +0000 @@ -1363,7 +1363,7 @@ * */ *binary_data = (gchar *)purple_base64_decode((const gchar *)elem->data, binary_length); - return TRUE; + return ((*binary_data) != NULL); case MSIM_TYPE_BINARY: gs = (GString *)elem->data;