From e87eb4c40e16efb7b7f244789f63cb139336e3d3 Mon Sep 17 00:00:00 2001 From: Jan Hacker Date: Sun, 17 Aug 2014 22:22:12 +0200 Subject: "/bookmark add foo" crash - fix A user providing an invalid JID when creating a new bookmark (like 'foo') would reproducibly crash/segfault profanity, as it insists on checking string length behind the @ of the JID. However, it could be NULL if the user accidentally omitted it. The patch avoids the crash by NULL-checking and prevents getting there in the first place by checking the argument to "add". Backtrace of unpatched profanity with above command: Program received signal EXC_BAD_ACCESS, Could not access memory. Reason: KERN_INVALID_ADDRESS at address: 0x0000000000000000 0x00007fff85699732 in strlen () (gdb) bt #0 0x00007fff85699732 in strlen () #1 0x00000001000965d2 in xmpp_strdup () #2 0x0000000100095d6d in xmpp_stanza_set_attribute () #3 0x0000000100011c5c in _send_bookmarks () #4 0x00000001000115a8 in _bookmark_add () #5 0x000000010003320d in cmd_bookmark () #6 0x000000010002a0f2 in cmd_execute () #7 0x0000000100003a1d in process_input () #8 0x00000001000037c7 in prof_run () #9 0x0000000100045032 in main () (gdb) --- src/xmpp/bookmark.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'src/xmpp') diff --git a/src/xmpp/bookmark.c b/src/xmpp/bookmark.c index e23c185c..743baf39 100644 --- a/src/xmpp/bookmark.c +++ b/src/xmpp/bookmark.c @@ -422,7 +422,9 @@ _send_bookmarks(void) xmpp_stanza_set_attribute(conference, STANZA_ATTR_JID, bookmark->jid); Jid *jidp = jid_create(bookmark->jid); - xmpp_stanza_set_attribute(conference, STANZA_ATTR_NAME, jidp->localpart); + if (jidp->localpart != NULL) { + xmpp_stanza_set_attribute(conference, STANZA_ATTR_NAME, jidp->localpart); + } jid_destroy(jidp); if (bookmark->autojoin) { -- cgit 1.4.1-2-gfad0