NOTE: This issue was not reported to a security reporting body.
| Summary | MSN SLP DOS (malloc error) |
|---|---|
| Date | 2004-10-19 |
| Discovered By | Gaim |
| Fixed In Release | 1.0.2 |
Remote crash. Gaim allocates a buffer for the payload of each message received based on the size field in the header of the message. A malicious peer could specify an invalid size that exceeds the amount of available memory.
Replace call to g_malloc() with call to g_try_malloc(). If the memory could
not be allocated the function returns instead of causing the application to
crash.