1
Description: pidgin-latex has a security issue to get into makeatletter-mode.
2
This patch fix insufficient validation of LaTeX code and avoid send
3
messages over a messenger network to a user local system account
6
Author: Benjamin Moll <qjuh@users.sourceforge.net>
8
Last-Update: 2012-07-23
10
--- pidgin-latex-1.4.4.orig/LaTeX.c 2011-01-12 19:28:45.000000000 -0500
11
+++ pidgin-latex-1.4.4/LaTeX.c 2012-08-25 20:27:55.000000000 -0500
17
#include <sys/types.h>
21
static gboolean is_blacklisted(char *message)
23
char *not_secure[NB_BLACKLIST] = BLACKLIST;
26
for (i = 0 ; i < NB_BLACKLIST ; i++)
28
- char *begin_not_secure = malloc((strlen(not_secure[i])+9)*sizeof(char));
29
- strcpy(begin_not_secure,"\\begin{");
31
+ char *begin_not_secure = malloc((strlen(not_secure[i])+18)*sizeof(char));
32
+ strcpy(begin_not_secure,"\\\\begin\\W*{\\W*");
33
strcat(begin_not_secure,not_secure[i]+0x01);
34
- strcat(begin_not_secure,"}");
35
- if (strstr(message, not_secure[i]) != NULL || strstr(message, begin_not_secure)) return TRUE;
36
+ strcat(begin_not_secure,"\\W*}");
37
+ reti = regcomp(®ex, begin_not_secure, 0);
38
+purple_debug_info("LaTeX", "RegEx-Comp: %s (%d)\n", begin_not_secure, reti);
39
+ reti = regexec(®ex, message, 0, NULL, 0);
41
+purple_debug_info("LaTeX", "Blacklist: %s und %s (RegEx-Match: %d)\n", not_secure[i], begin_not_secure, reti);
42
+ if (strstr(message, not_secure[i]) != NULL || reti!=REG_NOMATCH) return TRUE;