Package: centericq
Version: 4.21.0-17
Severity: normal
Tags: patch

Hi,
centericq-4.21.0/libjabber-0.1/xstream.c starting line: 209
209     s = spool_new(xmlnode_pool(x));
210     spooler(s,"<?xml version='1.0'?>",xmlnode2str(x),s);
211     head = spool_print(s);
212     fixr = strstr(head,"/>");
213     *fixr = '>';
214     ++fixr;
215     *fixr = '\0';

This code is highly insecure: if for some reason the stream
doesn't contain "/>", fixr will become NULL, which will be a problem in lines
213-215. Checking if(fixr) would be appropriate.
Kind regards
Nico


-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/zsh
Kernel: Linux 2.6.18-3-686
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages centericq depends on:
ii  centeric 4.21.0-17                       A text-mode multi-protocol instant
ii  libc6    2.3.6.ds1-9                     GNU C Library: Shared libraries
ii  libcomer 1.39+1.40-WIP-2006.11.14+dfsg-1 common error description library
ii  libcurl3 7.15.5-1                        Multi-protocol file transfer libra
ii  libgcc1  1:4.1.1-21                      GCC support library
ii  libgnutl 1.4.4-3                         the GNU TLS library - runtime libr
ii  libgpg-e 1.4-2                           library for common error values an
ii  libgpgme 1.1.2-2                         GPGME - GnuPG Made Easy
ii  libidn11 0.6.5-1                         GNU libidn library, implementation
ii  libjpeg6 6b-13                           The Independent JPEG Group's JPEG 
ii  libkrb53 1.4.4-5                         MIT Kerberos runtime libraries
ii  libncurs 5.5-5                           Shared libraries for terminal hand
ii  libssl0. 0.9.8c-4                        SSL shared libraries
ii  libstdc+ 4.1.1-21                        The GNU Standard C++ Library v3
ii  zlib1g   1:1.2.3-13                      compression library - runtime

Versions of packages centericq recommends:
ii  elinks [www-browser]     0.11.1-1.2      advanced text-mode WWW browser
ii  firefox                  2.0.0.1+dfsg-1  Transition package for iceweasel r
ii  iceape-browser [www-brow 1.0.7-2         Iceape Navigator (Internet browser
ii  iceweasel [www-browser]  2.0.0.1+dfsg-1  lightweight web browser based on M
ii  lynx [www-browser]       2.8.5-2sarge2.2 Text-mode WWW Browser
ii  opera-static [www-browse 9.02-20060919.1 The Opera Web Browser
ii  sox                      12.18.2-2       A universal sound sample translato
ii  w3m [www-browser]        0.5.1-5.1       WWW browsable pager with excellent

-- no debconf information

-- 
Nico Golde - http://www.ngolde.de
JAB: [EMAIL PROTECTED] - GPG: 0x73647CFF
Forget about that mouse with 3/4/5 buttons,
gimme a keyboard with 103/104/105 keys!
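
The check suggested in the report, written out as an added example; it is not part of the original message or of the centericq source. `open_self_closing_tag` is a hypothetical helper name and the sample strings are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from centericq): performs the rewrite of
 * lines 212-215, turning the first "/>" into ">" and ending the string
 * there, but reports failure instead of writing through a NULL pointer.
 * Returns 0 on success, -1 if head is NULL or contains no "/>". */
int open_self_closing_tag(char *head)
{
    char *fixr;

    if (head == NULL)
        return -1;

    fixr = strstr(head, "/>");
    if (fixr == NULL)
        return -1;      /* no "/>" found: leave the buffer untouched */

    /* "/>" occupies two bytes, so both writes stay inside the string. */
    fixr[0] = '>';
    fixr[1] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample inputs, not captured from a real session. */
    char with_close[] = "<?xml version='1.0'?><stream:stream to='example.org'/>";
    char without_close[] = "<?xml version='1.0'?><stream:stream to='example.org'>";

    if (open_self_closing_tag(with_close) == 0)
        printf("rewritten: %s\n", with_close);

    /* The unchecked code would dereference NULL here; the caller can
     * now refuse to use the header instead. */
    if (open_self_closing_tag(without_close) != 0)
        printf("no \"/>\" in header, not sending it\n");

    return 0;
}
```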
