Package: jabber-muc
Version: 0.6.0-2
Severity: important
Tags: patch
If a room JID receives a request for jabber:iq:time
then mu-conference will attempt to free memory that
was not allocated by malloc but statically allocated,
as returned from the ctime function.
This has the effect of causing mu-conference to crash.
** Reproducing:
Enter the JID of a room on an affected instance of
mu-conference into the "Show user or service info..."
of tkabber. Mu-conference crashes.
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (990, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.18 (PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages jabber-muc depends on:
ii jabber 1.4.3-3.0.ipv6.r1 Daemon for the jabber.org Open Sou
ii libc6 2.7-3 GNU C Library: Shared libraries
ii libexpat1 1.95.8-3.4 XML parsing C library - runtime li
ii libglib2.0-0 2.14.0-2 The GLib library of C routines
ii libpth20 [libpth2] 2.0.7-6 The GNU Portable Threads
ii libssl0.9.7 0.9.7k-3.1 SSL shared libraries
jabber-muc recommends no packages.
-- no debconf information
--- jabber-muc-0.6.0/src/conference_room.c 2003-11-15 04:19:45.000000000 +0000
+++ jabber-muc-0.6.0/src/conference_room.c 2007-12-25 02:13:47.000000000 +0000
@@ -720,7 +720,7 @@
str[strlen(str) - 1] = '\0'; /* cut off newline */
xmlnode_insert_cdata(xmlnode_insert_tag(jp->iq, "display"), pstrdup(jp->p, str), -1);
- free(str);
+
deliver(dpacket_new(jp->x),NULL);
return;
