closed up denial-of-service attack vector (ironically located in an

input verification routine).  This could have been used to trivially
terminate Inkboard users' sessions

diff --git a/src/jabber_whiteboard/message-handler.cpp b/src/jabber_whiteboard/message-handler.cpp
index 031ed7348fbf2d6ce37a118565cfc08ae6dc0383..56c6972de3101c64f714c99a726d6526794bfa4f 100644 (file)
--- a/src/jabber_whiteboard/message-handler.cpp
+++ b/src/jabber_whiteboard/message-handler.cpp
@@ -159,11 +159,15 @@ MessageHandler::_isValidMessage(LmMessage* message)
        // such a message.
        offline = lm_message_node_get_child(root, "x");
        if (offline != NULL) {
-               if (strcmp(lm_message_node_get_value(offline), "Offline Storage") == 0) {
-                       return false;
+               gchar const* val = lm_message_node_get_value(offline);
+               if (val != NULL) {
+                       if (strcmp(val, "Offline Storage") == 0) {
+                               return false;
+                       }
                }
        }
 
+
        // 4.  If this is a regular chat message...
        msubtype = lm_message_get_sub_type(message);