From 49a3fd7ae6bb6edfba617f79a2394586855dda54 Mon Sep 17 00:00:00 2001 From: orbisai0security Date: Sun, 28 Jun 2026 16:15:14 +0000 Subject: [PATCH] core: fix possible buffer overflow in command /color alias (issue #2330) Fix: c.lang.security.insecure-use-strcat-fn.insecure-use-strcat-fn security vulnerability Automated security fix generated by OrbisAI Security --- CHANGELOG.md | 1 + src/core/core-command.c | 17 ++++++----------- 2 files changed, 7 insertions(+), 11 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0b517c18c..ce722d35d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,7 @@ SPDX-License-Identifier: GPL-3.0-or-later ### Fixed - core: fix buffer overflow in connection to SOCKS5 proxy ([#2325](https://github.com/weechat/weechat/issues/2325)) +- core: fix possible buffer overflow in command /color alias ([#2330](https://github.com/weechat/weechat/issues/2330)) - relay/api: fix memory leak in resources "handshake", "input" and "completion" ([GHSA-wmpc-m6g9-fwj8](https://github.com/weechat/weechat/security/advisories/GHSA-wmpc-m6g9-fwj8)) - relay: fix read of uncompressed websocket frame ([#2331](https://github.com/weechat/weechat/issues/2331)) - xfer: fix out-of-bounds write in xfer file transfer resume ([#2326](https://github.com/weechat/weechat/issues/2326)) diff --git a/src/core/core-command.c b/src/core/core-command.c index c24452845..bc8c07093 100644 --- a/src/core/core-command.c +++ b/src/core/core-command.c @@ -1720,17 +1720,12 @@ COMMAND_CALLBACK(color) else str_alias = argv[i]; } - str_color[0] = '\0'; - if (str_alias) - { - strcat (str_color, ";"); - strcat (str_color, str_alias); - } - if (str_rgb) - { - strcat (str_color, ";"); - strcat (str_color, str_rgb); - } + snprintf (str_color, sizeof (str_color), + "%s%s%s%s", + (str_alias) ? ";" : "", + (str_alias) ? str_alias : "", + (str_rgb) ? ";" : "", + (str_rgb) ? str_rgb : ""); /* add color alias */ snprintf (str_command, sizeof (str_command),