pegasus/weechat
1
0
Fork 0
mirror of https://github.com/weechat/weechat.git synced 2026-06-12 14:14:48 +02:00
Code Activity

irc: fix crash when receiving a malformed message 324 (channel mode) (CVE-2020-8955)

Browse Source 
Thanks to Stuart Nevans Locke for reporting the issue.
This commit is contained in:
Sébastien Helleu
2020-02-14 08:08:23 +01:00
parent 410a12b2ae
commit 51a739df61
2 changed files with 19 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files
ChangeLog.adoc
+7
View File
@@ -15,6 +15,13 @@ https://weechat.org/files/releasenotes/ReleaseNotes-devel.html[release notes]
(file _ReleaseNotes.adoc_ in sources).
[[v2.7.1]]
== Version 2.7.1 (under dev)
Bug fixes::
* irc: fix crash when receiving a malformed message 324 (channel mode) (CVE-2020-8955)
[[v2.7]]
== Version 2.7 (2019-12-08)
src/plugins/irc/irc-mode.c
+12 -9
View File
@@ -224,17 +224,20 @@ irc_mode_channel_update (struct t_irc_server *server,
current_arg++;
if (pos[0] == chanmode)
{
chanmode_found = 1;
if (set_flag == '+')
if (!chanmode_found)
{
str_mode[0] = pos[0];
str_mode[1] = '\0';
strcat (new_modes, str_mode);
if (argument)
chanmode_found = 1;
if (set_flag == '+')
{
if (new_args[0])
strcat (new_args, " ");
strcat (new_args, argument);
str_mode[0] = pos[0];
str_mode[1] = '\0';
strcat (new_modes, str_mode);
if (argument)
{
if (new_args[0])
strcat (new_args, " ");
strcat (new_args, argument);
}
}
}
}