From de2259ea2a2e9d6291d271b74f2cf0bb1bd217a4 Mon Sep 17 00:00:00 2001
From: dwyip <dwyip@users.sourceforge.net>
Date: Mon, 13 Feb 2006 18:19:24 +0000
Subject: [PATCH] closed up denial-of-service attack vector (ironically located
 in an input verification routine).  This could have been used to trivially
 terminate Inkboard users' sessions

---
 src/jabber_whiteboard/message-handler.cpp | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/jabber_whiteboard/message-handler.cpp b/src/jabber_whiteboard/message-handler.cpp
index 031ed7348..56c6972de 100644
--- a/src/jabber_whiteboard/message-handler.cpp
+++ b/src/jabber_whiteboard/message-handler.cpp
@@ -159,11 +159,15 @@ MessageHandler::_isValidMessage(LmMessage* message)
 	// such a message.
 	offline = lm_message_node_get_child(root, "x");
 	if (offline != NULL) {
-		if (strcmp(lm_message_node_get_value(offline), "Offline Storage") == 0) {
-			return false;
+		gchar const* val = lm_message_node_get_value(offline);
+		if (val != NULL) {
+			if (strcmp(val, "Offline Storage") == 0) {
+				return false;
+			}
 		}
 	}
 
+
 	// 4.  If this is a regular chat message...
 	msubtype = lm_message_get_sub_type(message);
 
-- 
2.30.2