Permalink
Browse files

purple: Fix crash on ft requests from unknown contacts

Followup to 701ab81 (included in 3.5) which was a partial fix which only
improved things for non-libpurple file transfers (that is, just jabber)
  • Loading branch information...
1 parent 53cb4ae commit 30d598ce7cd3f136ee9d7097f39fa9818a272441 @dequis dequis committed Jan 29, 2017
Showing with 4 additions and 0 deletions.
  1. +4 −0 protocols/purple/ft.c
@@ -145,6 +145,10 @@ static gboolean prplcb_xfer_new_send_cb(gpointer data, gint fd, b_input_conditio
/* TODO(wilmer): After spreading some more const goodness in BitlBee,
remove the evil cast below. */
px->ft = imcb_file_send_start(ic, (char *) who, xfer->filename, xfer->size);
+
+ if (!px->ft) {
+ return FALSE;
+ }
px->ft->data = px;
px->ft->accept = prpl_xfer_accept;

2 comments on commit 30d598c

@dequis
Member
dequis commented on 30d598c Jan 31, 2017

CVE-2017-5668 has been assigned for this

Please sign in to comment.