mirror of https://github.com/unrealircd/unrealircd.git synced 2026-06-12 16:54:46 +02:00

Fix silly missing bufsize-- in xmlescape(). Not exploitable.

This XML code is only used for DroneBL submission with no user-
controlled variables (except $ip). Still, silly mistake to make
and who knows what other XML stuff will happen in the future.
Bram Matthys
2026-04-06 08:36:07 +02:00
parent bc086e3ffe
commit 35974ee46d
+6
@@ -1376,6 +1376,7 @@ char *xmlescape(const char *i, char *buf, int bufsize)
break;
strcpy(o, """);
o += 6;
bufsize -= 6;
} else
if (*i == '\'')
{
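Review bot: The length bookkeeping is still hand-counted in every branch (`strcpy`, `o += 6`, `bufsize -= 6` here, and the same triple with 6, 4, 4 and 5 in the hunks at 1384, 1392, 1400 and 1408), which is the kind of repetition in which the decrement was missed. Routing every append through one bounds-checked helper that derives the length from the string and adjusts `o` and `bufsize` together keeps the three numbers from drifting apart again. The size guard above each `break;` and the start and end of xmlescape() lie outside these hunks, so whether the existing thresholds match the advances cannot be confirmed from the visible lines. Since the description names `$ip` as the one externally influenced value reaching this code, a regression test that escapes a string of only quote characters into a deliberately small buffer would pin the truncation behaviour.

```c
/* Append s at *o when it fits with room left for the terminating NUL. */
static int xml_append(char **o, int *bufsize, const char *s)
{
	size_t n = strlen(s);

	if (*bufsize <= 0 || n >= (size_t)*bufsize)
		return 0; /* caller breaks out of the loop and terminates the output */
	memcpy(*o, s, n + 1);
	*o += n;
	*bufsize -= (int)n;
	return 1;
}

/* … unchanged: xmlescape() signature and loop header … */
		if (*i == '<')
		{
			if (!xml_append(&o, &bufsize, "&lt;"))
				break;
		} else
/* … unchanged: remaining branches, converted the same way … */
```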
@@ -1383,6 +1384,7 @@ char *xmlescape(const char *i, char *buf, int bufsize)
break;
strcpy(o, "'");
o += 6;
bufsize -= 6;
} else
if (*i == '<')
{
@@ -1390,6 +1392,7 @@ char *xmlescape(const char *i, char *buf, int bufsize)
break;
strcpy(o, "&lt;");
o += 4;
bufsize -= 4;
} else
if (*i == '>')
{
@@ -1397,6 +1400,7 @@ char *xmlescape(const char *i, char *buf, int bufsize)
break;
strcpy(o, "&gt;");
o += 4;
bufsize -= 4;
} else
if (*i == '&')
{
@@ -1404,11 +1408,13 @@ char *xmlescape(const char *i, char *buf, int bufsize)
break;
strcpy(o, "&amp;");
o += 5;
bufsize -= 5;
} else
{
if (bufsize <= 1)
break;
*o++ = *i;
bufsize--;
}
}