independent-20041019-01

NOTE: This issue was not reported to a security reporting body.

Summary: MSN SLP DOS (malloc error)
Date: 2004-10-19
Discovered By: Gaim
Fixed In Release: 1.0.2

Description

Remote crash. Gaim allocates a buffer for the payload of each received message based on the size field in the message header. A malicious peer could specify an invalid size that exceeds the amount of available memory, so the allocation fails and the application crashes.

Mitigation

Replace the call to g_malloc() with a call to g_try_malloc(). If the memory cannot be allocated, the function returns instead of causing the application to crash.
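
The pattern behind this fix, as an added example that is not Gaim's code: plain malloc() stands in for g_try_malloc() (both return NULL on failure), and an explicit abort() stands in for g_malloc(), which terminates the program when allocation fails. The 8-byte little-endian size header and all function names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical wire header for illustration: 8-byte little-endian payload size. */
#define HDR_LEN 8

/* Decode the peer-supplied size field. This value is attacker-controlled. */
static uint64_t read_size_field(const unsigned char *hdr)
{
    uint64_t v = 0;
    for (int i = HDR_LEN - 1; i >= 0; i--)
        v = (v << 8) | hdr[i];
    return v;
}

/* "Before": allocation failure ends the process, as g_malloc() does. */
void *alloc_payload_abort(const unsigned char *hdr)
{
    void *buf = malloc((size_t)read_size_field(hdr));
    if (buf == NULL)
        abort();                      /* the remote peer decides if we get here */
    return buf;
}

/* "After": failure is reported to the caller, as with g_try_malloc().
 * Returns 0 on success (*out is NULL for an empty payload),
 * -1 if the buffer cannot be allocated and the message must be dropped. */
int alloc_payload_try(const unsigned char *hdr, void **out)
{
    uint64_t size = read_size_field(hdr);

    *out = NULL;
    if (size == 0)
        return 0;
    if (size > SIZE_MAX)              /* does not fit in size_t on this platform */
        return -1;
    *out = malloc((size_t)size);      /* NULL on failure, no abort */
    return *out ? 0 : -1;
}

int main(void)
{
    /* Constructed sample header: size field set to the maximum value. */
    unsigned char bad[HDR_LEN] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
    void *p;
    printf("oversized message: %s\n", alloc_payload_try(bad, &p) ? "dropped" : "accepted");
    return 0;
}
```

A size that the allocator can still satisfy is accepted by this check, so a receive path may also want an upper bound on the size field; that bound is not part of the advisory.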
