Mercurial > ~mikael > mcabber > hg

diff mcabber/mcabber/utils.c @ 2283:6e1ead98930d

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Check origin of roster pushes MCabber is vulnerable to roster push attacks as described by Daniel Gultsch at https://gultsch.de/gajim_roster_push_and_message_interception.html. This patch should fix the problem by checking the sender of the iq:roster stanzas. Thanks to Sam Whited for the report.
author Mikael Berthe <mikael@lilotux.net>
date Mon, 21 Nov 2016 20:35:28 +0100
parents f5402d705f67
children e00ae0763468
line wrap: on
line diff
--- a/mcabber/mcabber/utils.c	Sun Sep 18 17:13:53 2016 +0200
+++ b/mcabber/mcabber/utils.c	Mon Nov 21 20:35:28 2016 +0100
@@ -96,6 +96,9 @@
   char *ptr;
   char *server;
 
+  if (!username) {
+    return NULL;
+  }
   if ((ptr = strchr(username, JID_DOMAIN_SEPARATOR)) != NULL) {
     server = g_strdup(ptr+1);
     return server;