1
0
mirror of https://github.com/weechat/weechat.git synced 2026-07-01 15:26:37 +02:00

relay/api: fix memory leak in resources "handshake", "input" and "completion"

This commit is contained in:
Sébastien Helleu
2026-06-17 21:54:15 +02:00
parent 861f589fc2
commit 3200a05c00
2 changed files with 16 additions and 2 deletions
+1
View File
@@ -35,6 +35,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
- relay: limit size of partial message received while reading an HTTP request to prevent memory exhaustion
- relay: fix timing attack on password authentication ([GHSA-vhv8-g2r9-cwcc](https://github.com/weechat/weechat/security/advisories/GHSA-vhv8-g2r9-cwcc), [CVE-2026-53525](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-53525))
- relay: fix out-of-bounds read in dump of data ([#2324](https://github.com/weechat/weechat/issues/2324))
- relay/api: fix memory leak in resources "handshake", "input" and "completion"
- api, relay: fix timing attack on TOTP validation ([GHSA-vhv8-g2r9-cwcc](https://github.com/weechat/weechat/security/advisories/GHSA-vhv8-g2r9-cwcc), [CVE-2026-53525](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-53525))
- xfer: replace directory separator in remote nick by underscore in download filename to prevent writing the file outside the download directory ([#2321](https://github.com/weechat/weechat/issues/2321))
- xfer: fix out-of-bounds read when receiving empty line in DCC chat ([#2323](https://github.com/weechat/weechat/issues/2323))
+15 -2
View File
@@ -402,7 +402,10 @@ RELAY_API_PROTOCOL_CALLBACK(handshake)
if (json_body)
{
if (!cJSON_IsObject (json_body))
{
cJSON_Delete (json_body);
return RELAY_API_PROTOCOL_RC_BAD_REQUEST;
}
json_algos = cJSON_GetObjectItem (json_body, "password_hash_algo");
if (json_algos)
{
@@ -839,8 +842,13 @@ RELAY_API_PROTOCOL_CALLBACK(input)
char str_delay[32];
json_body = cJSON_Parse (client->http_req->body);
if (!json_body || !cJSON_IsObject (json_body))
if (!json_body)
return RELAY_API_PROTOCOL_RC_BAD_REQUEST;
if (!cJSON_IsObject (json_body))
{
cJSON_Delete (json_body);
return RELAY_API_PROTOCOL_RC_BAD_REQUEST;
}
/* get buffer either by name or by id */
ptr_buffer = NULL;
@@ -966,8 +974,13 @@ RELAY_API_PROTOCOL_CALLBACK(completion)
struct t_gui_buffer *ptr_buffer;
json_body = cJSON_Parse (client->http_req->body);
if (!json_body || !cJSON_IsObject(json_body))
if (!json_body)
return RELAY_API_PROTOCOL_RC_BAD_REQUEST;
if (!cJSON_IsObject(json_body))
{
cJSON_Delete (json_body);
return RELAY_API_PROTOCOL_RC_BAD_REQUEST;
}
/* get buffer either by name or by id */
ptr_buffer = NULL;