From 2dc394c7b0d7dfec1e0a7f553d3510c5efa98086 Mon Sep 17 00:00:00 2001
From: dequis
Date: Tue, 23 Aug 2016 21:02:20 -0300
Subject: jabber: handle nulls in jabber_compare_jid

As far as I can see this isn't remotely exploitable (and if it were it would be just DoS of the child process), but i'm still looking into it
---
 protocols/jabber/jabber_util.c | 4 ++++
 tests/check_jabber_util.c | 2 ++
 2 files changed, 6 insertions(+)

diff --git a/protocols/jabber/jabber_util.c b/protocols/jabber/jabber_util.c
index c3c9df34..ee4753f2 100644
--- a/protocols/jabber/jabber_util.c
+++ b/protocols/jabber/jabber_util.c
@@ -314,6 +314,10 @@ int jabber_compare_jid(const char *jid1, const char *jid2)
 {
 int i;
 
+ if (!jid1 || !jid2) {
+ return FALSE;
+ }
+
 for (i = 0;; i++) {
 if (jid1[i] == '\0' || jid1[i] == '/' || jid2[i] == '\0' || jid2[i] == '/') {
 if ((jid1[i] == '\0' || jid1[i] == '/') && (jid2[i] == '\0' || jid2[i] == '/')) {
diff --git a/tests/check_jabber_util.c b/tests/check_jabber_util.c
index 1ffea011..43180fce 100644
--- a/tests/check_jabber_util.c
+++ b/tests/check_jabber_util.c
@@ -102,6 +102,8 @@ static void check_compareJID(int l)
 fail_if(jabber_compare_jid("bugtest1@google.com/B", "bugtest2@google.com/A"));
 fail_unless(jabber_compare_jid("bugtest@google.com/A", "bugtest@google.com/A"));
 fail_if(jabber_compare_jid("", "bugtest@google.com/A"));
+ fail_if(jabber_compare_jid(NULL, ""));
+ fail_if(jabber_compare_jid("", NULL));
 }
 
 static void check_hipchat_slug(int l)
--
cgit v1.2.3
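Review bot: The new guard at the top of `jabber_compare_jid` makes a NULL JID compare unequal to everything, including another NULL, but nothing in the hunk records that contract. Failing closed looks like the safer choice if this comparison is used to match stanza senders, so it is worth stating to keep a later pointer-equality shortcut from making `(NULL, NULL)` match. A comment above the check would do: `/* A NULL JID never matches anything, not even another NULL. */`. The guard also hides where the NULL came from, so callers that pass an unvalidated attribute lookup probably still deserve their own check. The function body continues past the end of the hunk.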
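Review bot: The two assertions added to `check_compareJID` only pair a NULL argument with an empty string, so they do not pin the case of both arguments being NULL or of NULL against a real JID. Adding `fail_if(jabber_compare_jid(NULL, NULL));` and `fail_if(jabber_compare_jid(NULL, "bugtest@google.com/A"));` would lock in the fail-closed result. The both-NULL case is the one most likely to regress if the guard is ever rewritten. `check_compareJID` starts before the hunk.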