Commit aaf551b9 authored by Ian Goldberg

Fix use-after-free issue during SMP

Thanks to Stefan Sperling <otr@stsp.name> and Hanno Böck
<hanno@hboeck.de> for the report.

Fixes #88

Signed-off-by: Hanno Böck <hanno@hboeck.de>
Signed-off-by: Ian Goldberg <iang@cs.uwaterloo.ca>
parent 2348e1aa
......@@ -169,7 +169,7 @@ static void otrg_gtk_dialog_free_smp_data(PurpleConversation *conv)
g_hash_table_remove(conv->data, "otr-smpdata");
}
static void otrg_gtk_dialog_add_smp_data(PurpleConversation *conv)
static SMPData* otrg_gtk_dialog_add_smp_data(PurpleConversation *conv)
{
SMPData *smp_data = malloc(sizeof(SMPData));
smp_data->smp_secret_dialog = NULL;
......@@ -182,6 +182,8 @@ static void otrg_gtk_dialog_add_smp_data(PurpleConversation *conv)
smp_data->their_instance = OTRL_INSTAG_BEST;
purple_conversation_set_data(conv, "otr-smpdata", smp_data);
return smp_data;
}
static GtkWidget *otr_icon(GtkWidget *image, TrustLevel level,
......@@ -777,7 +779,7 @@ static GtkWidget *create_smp_dialog(const char *title, const char *primary,
* will kill any existing SMP */
if (smp_data->their_instance != context->their_instance) {
otrg_gtk_dialog_free_smp_data(conv);
otrg_gtk_dialog_add_smp_data(conv);
smp_data = otrg_gtk_dialog_add_smp_data(conv);
}
if (!(smp_data->smp_secret_dialog)) {
......
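Review bot: The pointer now returned by otrg_gtk_dialog_add_smp_data comes from an unchecked `malloc(sizeof(SMPData))`: the function writes through it at `smp_data->smp_secret_dialog = NULL;`, and create_smp_dialog dereferences the returned value straight away in `if (!(smp_data->smp_secret_dialog))`. Adding `if (!smp_data) return NULL;` after the allocation and testing the result at the call site would keep an allocation failure from turning into a NULL dereference. Because the bug fixed here was a local pointer left stale by otrg_gtk_dialog_free_smp_data(conv), the function would also benefit from a lifetime comment, for example `/* The result is stored under conv's "otr-smpdata" key; do not use it after otrg_gtk_dialog_free_smp_data(conv). */`. Any other caller that keeps a local smp_data across a free/add pair is not visible on this page and may need the same reassignment. Both function bodies extend beyond the hunks shown.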