independent-20041019-01

NOTE: This issue was not reported to a security reporting body.

Summary MSN SLP DOS (malloc error)
Date 2004-10-19
Discovered By Gaim
Fixed In Release 1.0.2

Description

Remote crash. Gaim allocates a buffer for the payload of each message received based on the size field in the header of the message. A malicious peer could specify an invalid size that exceeds the amount of available memory.

Mitigation

Replace call to g_malloc() with call to g_try_malloc(). If the memory could not be allocated the function returns instead of causing the application to crash.

We've launched the new site. Think we're missing something?
Read the blog post or Go to the old site