pegasus/weechat
1
0
Fork 0
mirror of https://github.com/weechat/weechat.git synced 2026-06-12 14:14:48 +02:00
Code Activity

irc: fix out-of-bounds read in DCC command with quoted filename

Browse Source
This commit is contained in:
aizu-m
2026-06-04 12:14:33 +05:30
committed by Sébastien Helleu
parent f4dc30ec58
commit 328f86affc
2 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
CHANGELOG.md
+1
View File
@@ -24,6 +24,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
- irc: fix tag in message with list of names when joining a channel - irc: fix tag in message with list of names when joining a channel
- fset: remove error displayed in core buffer when clicking with the mouse below the last option displayed - fset: remove error displayed in core buffer when clicking with the mouse below the last option displayed
- irc: limit size of data received from the server to prevent memory exhaustion - irc: limit size of data received from the server to prevent memory exhaustion
- irc: fix out-of-bounds read on incoming DCC command with a quoted filename ending the message
- relay: limit size of decompressed websocket frame with permessage-deflate to prevent memory exhaustion ([GHSA-v2v4-45wm-5cr3](https://github.com/weechat/weechat/security/advisories/GHSA-v2v4-45wm-5cr3)) - relay: limit size of decompressed websocket frame with permessage-deflate to prevent memory exhaustion ([GHSA-v2v4-45wm-5cr3](https://github.com/weechat/weechat/security/advisories/GHSA-v2v4-45wm-5cr3))
- relay: limit size of received websocket frame and HTTP body to prevent memory exhaustion - relay: limit size of received websocket frame and HTTP body to prevent memory exhaustion
- relay: fix timing attack on password authentication ([GHSA-vhv8-g2r9-cwcc](https://github.com/weechat/weechat/security/advisories/GHSA-vhv8-g2r9-cwcc)) - relay: fix timing attack on password authentication ([GHSA-vhv8-g2r9-cwcc](https://github.com/weechat/weechat/security/advisories/GHSA-vhv8-g2r9-cwcc))
src/plugins/irc/irc-ctcp.c
+3 -3
View File
@@ -857,7 +857,7 @@ irc_ctcp_recv_dcc (struct t_irc_protocol_ctxt *ctxt, const char *arguments)
* double-quote * double-quote
*/ */
pos = strrchr (pos_file, '"'); pos = strrchr (pos_file, '"');
if (!pos || (pos == pos_file)) if (!pos || (pos == pos_file) || !pos[1])
{ {
weechat_printf ( weechat_printf (
ctxt->server->buffer, ctxt->server->buffer,
@@ -1032,7 +1032,7 @@ irc_ctcp_recv_dcc (struct t_irc_protocol_ctxt *ctxt, const char *arguments)
* double-quote * double-quote
*/ */
pos = strrchr (pos_file, '"'); pos = strrchr (pos_file, '"');
if (!pos || (pos == pos_file)) if (!pos || (pos == pos_file) || !pos[1])
{ {
weechat_printf ( weechat_printf (
ctxt->server->buffer, ctxt->server->buffer,
@@ -1176,7 +1176,7 @@ irc_ctcp_recv_dcc (struct t_irc_protocol_ctxt *ctxt, const char *arguments)
* double-quote * double-quote
*/ */
pos = strrchr (pos_file, '"'); pos = strrchr (pos_file, '"');
if (!pos || (pos == pos_file)) if (!pos || (pos == pos_file) || !pos[1])
{ {
weechat_printf ( weechat_printf (
ctxt->server->buffer, ctxt->server->buffer,