#
#
# patch "libpurple/protocols/msnp9/slplink.c"
# from [0148f31961bbe4a9a992377e70db082952505db4]
# to [f65596ea173bf7c9c1114edd7599140f470e7788]
#
============================================================
--- libpurple/protocols/msnp9/slplink.c 0148f31961bbe4a9a992377e70db082952505db4
+++ libpurple/protocols/msnp9/slplink.c f65596ea173bf7c9c1114edd7599140f470e7788
@@ -597,7 +597,7 @@ msn_slplink_process_msg(MsnSlpLink *slpl
}
else if (slpmsg->size)
{
- if ((offset + len) > slpmsg->size)
+ if (G_MAXSIZE - len < offset || (offset + len) > slpmsg->size)
{
purple_debug_error("msn", "Oversized slpmsg\n");
g_return_if_reached();
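Review bot: The added test `G_MAXSIZE - len < offset` rules out wraparound of `offset + len` only if both operands and the sum are evaluated as `gsize`; their declarations and the type of `slpmsg->size` lie outside this hunk, so confirm this in each tree the fix is backported to. If `offset` is wider than `gsize` on some build, or `slpmsg->size` is signed, the guard could still pass for an out-of-range pair. A form that never computes the sum, such as `if (len > slpmsg->size || offset > slpmsg->size - len)`, is easier to audit once all three are known to be unsigned and of the same width. A one-line comment above the test would also help, e.g. `/* offset and len presumably come from the peer's header; reject if offset + len wraps or exceeds the announced size */`. The body of msn_slplink_process_msg continues outside the hunk.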
For reference, this is the upstream patch that went into 2.4.3. I need to
backport this for pidgin-2.3.1 in RHEL4 and RHEL5, and pidgin-1.5.x in RHEL3.
# protocols/ msnp9/slplink. c" a9a992377e70db0 82952505db4] c9c1114edd75991 40f470e7788] ======= ======= ======= ======= ======= ======= ======= ==== protocols/ msnp9/slplink. c 0148f31961bbe4a 9a992377e70db08 2952505db4 protocols/ msnp9/slplink. c f65596ea173bf7c 9c1114edd759914 0f470e7788 process_ msg(MsnSlpLink *slpl debug_error( "msn", "Oversized slpmsg\n"); if_reached( );
#
# patch "libpurple/
# from [0148f31961bbe4
# to [f65596ea173bf7
#
=======
--- libpurple/
+++ libpurple/
@@ -597,7 +597,7 @@ msn_slplink_
}
else if (slpmsg->size)
{
- if ((offset + len) > slpmsg->size)
+ if (G_MAXSIZE - len < offset || (offset + len) > slpmsg->size)
{
purple_
g_return_
For reference, this is the upstream patch that went into 2.4.3. I need to
backport this for pidgin-2.3.1 in RHEL4 and RHEL5, and pidgin-1.5.x in RHEL3.