1
0
mirror of https://github.com/weechat/weechat.git synced 2026-07-05 17:23:15 +02:00

core: fix possible buffer overflow in command /color alias (issue #2330)

Fix: c.lang.security.insecure-use-strcat-fn.insecure-use-strcat-fn security vulnerability

Automated security fix generated by OrbisAI Security
This commit is contained in:
orbisai0security
2026-06-28 16:15:14 +00:00
committed by Sébastien Helleu
parent 3bd95f0d12
commit 49a3fd7ae6
2 changed files with 7 additions and 11 deletions
+1
View File
@@ -11,6 +11,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
### Fixed
- core: fix buffer overflow in connection to SOCKS5 proxy ([#2325](https://github.com/weechat/weechat/issues/2325))
- core: fix possible buffer overflow in command /color alias ([#2330](https://github.com/weechat/weechat/issues/2330))
- relay/api: fix memory leak in resources "handshake", "input" and "completion" ([GHSA-wmpc-m6g9-fwj8](https://github.com/weechat/weechat/security/advisories/GHSA-wmpc-m6g9-fwj8))
- relay: fix read of uncompressed websocket frame ([#2331](https://github.com/weechat/weechat/issues/2331))
- xfer: fix out-of-bounds write in xfer file transfer resume ([#2326](https://github.com/weechat/weechat/issues/2326))
+6 -11
View File
@@ -1720,17 +1720,12 @@ COMMAND_CALLBACK(color)
else
str_alias = argv[i];
}
str_color[0] = '\0';
if (str_alias)
{
strcat (str_color, ";");
strcat (str_color, str_alias);
}
if (str_rgb)
{
strcat (str_color, ";");
strcat (str_color, str_rgb);
}
snprintf (str_color, sizeof (str_color),
"%s%s%s%s",
(str_alias) ? ";" : "",
(str_alias) ? str_alias : "",
(str_rgb) ? ";" : "",
(str_rgb) ? str_rgb : "");
/* add color alias */
snprintf (str_command, sizeof (str_command),