blob: 51ed44789094d928f145d668dcfc6fd8b2777f29 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
From 256ad0239728dad500018d3d5a5d8d38191a0116 Mon Sep 17 00:00:00 2001
From: Stefan Sperling <stsp@stsp.name>
Date: Fri, 3 Apr 2015 12:47:36 +0100
Subject: [PATCH] Fix use after free in create_smp_dialog().
After replacing smp_data update the local pointer variable to avoid
use-after-free memory access. Found on OpenBSD where the socialist
millionaires dialog never opened because of this.
---
gtk-dialog.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/gtk-dialog.c b/gtk-dialog.c
index 09ec12e..2021626 100644
--- a/gtk-dialog.c
+++ b/gtk-dialog.c
@@ -778,6 +778,7 @@ static GtkWidget *create_smp_dialog(const char *title, const char *primary,
if (smp_data->their_instance != context->their_instance) {
otrg_gtk_dialog_free_smp_data(conv);
otrg_gtk_dialog_add_smp_data(conv);
+ smp_data = purple_conversation_get_data(conv, "otr-smpdata");
}
if (!(smp_data->smp_secret_dialog)) {
--
2.3.4
|
GitWeb
