pegasus/weechat
1
0
Fork 0
mirror of https://github.com/weechat/weechat.git synced 2026-06-30 14:56:39 +02:00
Code Activity

xfer: fix out-of-bounds read in xfer_chat_recv_cb on empty line (#2323)

Browse Source
This commit is contained in:
aizu-m
2026-06-06 10:31:18 +05:30
committed by Sébastien Helleu
parent cf2d0733d3
commit 22ee76cdd6
2 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
CHANGELOG.md
+1
View File
@@ -17,6 +17,7 @@
- relay: limit size of decompressed websocket frame with permessage-deflate to prevent memory exhaustion ([GHSA-v2v4-45wm-5cr3](https://github.com/weechat/weechat/security/advisories/GHSA-v2v4-45wm-5cr3))
- relay/weechat: fix empty buffers in client when WeeChat is running on Solaris/illumos
- xfer: replace directory separator in remote nick by underscore in download filename to prevent writing the file outside the download directory ([#2321](https://github.com/weechat/weechat/issues/2321))
- xfer: fix out-of-bounds read when receiving empty line in DCC chat ([#2323](https://github.com/weechat/weechat/issues/2323))
- build: fix build on Solaris/illumos (issue #2251)
## Version 4.6.3 (2025-05-11)
src/plugins/xfer/xfer-chat.c
+1 -1
View File
@@ -160,7 +160,7 @@ xfer_chat_recv_cb (const void *pointer, void *data, int fd)
{
ctcp_action = 0;
length = strlen (ptr_buf);
if (ptr_buf[length - 1] == '\r')
if ((length > 0) && (ptr_buf[length - 1] == '\r'))
{
ptr_buf[length - 1] = '\0';
length--;