mirror of
https://github.com/profanity-im/profanity.git
synced 2024-12-04 14:46:46 -05:00
e87eb4c40e
A user providing an invalid JID when creating a new bookmark (like 'foo') would reproducibly crash/segfault profanity, as it insists on checking string length behind the @ of the JID. However, it could be NULL if the user accidentally omitted it. The patch avoids the crash by NULL-checking and prevents getting there in the first place by checking the argument to "add". Backtrace of unpatched profanity with above command: Program received signal EXC_BAD_ACCESS, Could not access memory. Reason: KERN_INVALID_ADDRESS at address: 0x0000000000000000 0x00007fff85699732 in strlen () (gdb) bt #0 0x00007fff85699732 in strlen () #1 0x00000001000965d2 in xmpp_strdup () #2 0x0000000100095d6d in xmpp_stanza_set_attribute () #3 0x0000000100011c5c in _send_bookmarks () #4 0x00000001000115a8 in _bookmark_add () #5 0x000000010003320d in cmd_bookmark () #6 0x000000010002a0f2 in cmd_execute () #7 0x0000000100003a1d in process_input () #8 0x00000001000037c7 in prof_run () #9 0x0000000100045032 in main () (gdb) |
||
---|---|---|
docs | ||
src | ||
tests | ||
themes | ||
.gitignore | ||
.travis.yml | ||
bootstrap.sh | ||
configure-debug | ||
configure.ac | ||
COPYING | ||
install-all.sh | ||
Makefile.am | ||
prof.supp | ||
profanity.spec | ||
profrc.example | ||
README.md | ||
upgrade.sh |
Profanity
Profanity is a console based XMPP client inspired by Irssi,
See the User Guide for information on installing, upgrading and using Profanity.
Links
Homepage: http://www.profanity.im
Mailing List: https://groups.google.com/forum/#!forum/profanitydev