On Thursday 17 April 2008, Olivier Goffart wrote: > Le jeudi 17 avril 2008, Oleg Girko a écrit : > > Hi! > > > > This patch contains a fix for a dangerous bug which can lead to crash or > > remote DoS of Kopete when a Jabber contact has '#' in Jabber client name > > or version returned in Disco response. > > Thank you... you can commit in all branches :-)
Oops. I have just trunk checked out on my computer, and I tested this fix only there. Can somebody else apply my patch in other branches and confirm that it works? > > Before this fix, my Kopete was crashing every time one of my contacts was > > connecting from some obscure mobile Jabber client. > > Is your kopete compiled with debug? Yes. > > Moral of the story: never make Q_ASSERT based on data received from > > server, especially if those data are originally come from another client. > > In theory, Q_ASSERT only abort on debug build. The old algorithm would lead to incorrect behaviour if Q_ASSERT does nothing. -- Oleg Girko, http://www.infoserver.ru/~ol/ _______________________________________________ kopete-devel mailing list [email protected] https://mail.kde.org/mailman/listinfo/kopete-devel
