1
0
mirror of https://github.com/weechat/weechat.git synced 2026-07-04 16:53:14 +02:00

irc: fix integer overflow in loops (issue #2178)

This commit is contained in:
Sébastien Helleu
2024-09-05 21:34:58 +02:00
parent 0973fe0ad4
commit 70cd508cf0
2 changed files with 29 additions and 29 deletions
+10 -10
View File
@@ -422,8 +422,8 @@ char *
irc_server_eval_fingerprint (struct t_irc_server *server)
{
const char *ptr_fingerprint;
char *fingerprint_eval, **fingerprints, *str_sizes;
int i, j, rc, algo, length;
char *fingerprint_eval, **fingerprints, *str_sizes, **ptr;
int i, rc, algo, length;
if (!server)
return NULL;
@@ -460,18 +460,18 @@ irc_server_eval_fingerprint (struct t_irc_server *server)
return fingerprint_eval;
rc = 0;
for (i = 0; fingerprints[i]; i++)
for (ptr = fingerprints; *ptr; ptr++)
{
length = strlen (fingerprints[i]);
length = strlen (*ptr);
algo = irc_server_fingerprint_search_algo_with_size (length * 4);
if (algo < 0)
{
rc = -1;
break;
}
for (j = 0; j < length; j++)
for (i = 0; i < length; i++)
{
if (!isxdigit ((unsigned char)fingerprints[i][j]))
if (!isxdigit ((unsigned char)((*ptr)[i])))
{
rc = -2;
break;
@@ -4954,7 +4954,7 @@ irc_server_check_certificate_fingerprint (struct t_irc_server *server,
const char *good_fingerprints)
{
unsigned char *fingerprint_server[IRC_FINGERPRINT_NUM_ALGOS];
char **fingerprints;
char **fingerprints, **ptr_fingerprint;
int i, rc, algo;
size_t size_bits, size_bytes;
@@ -4974,9 +4974,9 @@ irc_server_check_certificate_fingerprint (struct t_irc_server *server,
rc = 0;
for (i = 0; fingerprints[i]; i++)
for (ptr_fingerprint = fingerprints; *ptr_fingerprint; ptr_fingerprint++)
{
size_bits = strlen (fingerprints[i]) * 4;
size_bits = strlen (*ptr_fingerprint) * 4;
size_bytes = size_bits / 8;
algo = irc_server_fingerprint_search_algo_with_size (size_bits);
@@ -5018,7 +5018,7 @@ irc_server_check_certificate_fingerprint (struct t_irc_server *server,
if (fingerprint_server[algo])
{
/* check if the fingerprint matches */
if (irc_server_compare_fingerprints (fingerprints[i],
if (irc_server_compare_fingerprints (*ptr_fingerprint,
fingerprint_server[algo],
size_bytes) == 0)
{