mirror of
https://github.com/weechat/weechat.git
synced 2026-06-30 14:56:39 +02:00
xfer: fix out-of-bounds read in xfer_chat_recv_cb on empty line (#2323)
This commit is contained in:
@@ -17,6 +17,7 @@
|
||||
- relay: limit size of decompressed websocket frame with permessage-deflate to prevent memory exhaustion ([GHSA-v2v4-45wm-5cr3](https://github.com/weechat/weechat/security/advisories/GHSA-v2v4-45wm-5cr3))
|
||||
- relay/weechat: fix empty buffers in client when WeeChat is running on Solaris/illumos
|
||||
- xfer: replace directory separator in remote nick by underscore in download filename to prevent writing the file outside the download directory ([#2321](https://github.com/weechat/weechat/issues/2321))
|
||||
- xfer: fix out-of-bounds read when receiving empty line in DCC chat ([#2323](https://github.com/weechat/weechat/issues/2323))
|
||||
- build: fix build on Solaris/illumos (issue #2251)
|
||||
|
||||
## Version 4.6.3 (2025-05-11)
|
||||
|
||||
@@ -160,7 +160,7 @@ xfer_chat_recv_cb (const void *pointer, void *data, int fd)
|
||||
{
|
||||
ctcp_action = 0;
|
||||
length = strlen (ptr_buf);
|
||||
if (ptr_buf[length - 1] == '\r')
|
||||
if ((length > 0) && (ptr_buf[length - 1] == '\r'))
|
||||
{
|
||||
ptr_buf[length - 1] = '\0';
|
||||
length--;
|
||||
|
||||
Reference in New Issue
Block a user