1
0
mirror of https://github.com/weechat/weechat.git synced 2026-07-06 09:43:13 +02:00

relay: fix integer overflow in loops (issue #2178)

This commit is contained in:
Sébastien Helleu
2024-09-05 21:39:25 +02:00
parent d8c954472c
commit 9a0bd7c753
@@ -229,8 +229,9 @@ relay_weechat_protocol_handshake_reply (struct t_relay_client *client,
RELAY_WEECHAT_PROTOCOL_CALLBACK(handshake)
{
char **options, **auths, **compressions, *pos;
int i, j, index_hash_algo, hash_algo_found, auth_allowed, compression;
char **options, **auths, **compressions, *pos, **ptr_option, **ptr_auth;
char **ptr_comp;
int index_hash_algo, hash_algo_found, auth_allowed, compression;
int password_received, plain_text_password;
RELAY_WEECHAT_PROTOCOL_MIN_ARGS(0);
@@ -252,14 +253,14 @@ RELAY_WEECHAT_PROTOCOL_CALLBACK(handshake)
weechat_string_split_command (argv_eol[0], ',') : NULL;
if (options)
{
for (i = 0; options[i]; i++)
for (ptr_option = options; *ptr_option; ptr_option++)
{
pos = strchr (options[i], '=');
pos = strchr (*ptr_option, '=');
if (pos)
{
pos[0] = '\0';
pos++;
if (strcmp (options[i], "password_hash_algo") == 0)
if (strcmp (*ptr_option, "password_hash_algo") == 0)
{
password_received = 1;
auths = weechat_string_split (
@@ -273,10 +274,9 @@ RELAY_WEECHAT_PROTOCOL_CALLBACK(handshake)
NULL);
if (auths)
{
for (j = 0; auths[j]; j++)
for (ptr_auth = auths; *ptr_auth; ptr_auth++)
{
index_hash_algo = relay_auth_password_hash_algo_search (
auths[j]);
index_hash_algo = relay_auth_password_hash_algo_search (*ptr_auth);
if ((index_hash_algo >= 0) && (index_hash_algo > hash_algo_found))
{
auth_allowed = weechat_string_match_list (
@@ -290,7 +290,7 @@ RELAY_WEECHAT_PROTOCOL_CALLBACK(handshake)
weechat_string_free_split (auths);
}
}
else if (strcmp (options[i], "compression") == 0)
else if (strcmp (*ptr_option, "compression") == 0)
{
compressions = weechat_string_split (
pos,
@@ -303,9 +303,9 @@ RELAY_WEECHAT_PROTOCOL_CALLBACK(handshake)
NULL);
if (compressions)
{
for (j = 0; compressions[j]; j++)
for (ptr_comp = compressions; *ptr_comp; ptr_comp++)
{
compression = relay_weechat_compression_search (compressions[j]);
compression = relay_weechat_compression_search (*ptr_comp);
if (compression >= 0)
{
RELAY_WEECHAT_DATA(client, compression) = compression;
@@ -365,8 +365,9 @@ RELAY_WEECHAT_PROTOCOL_CALLBACK(handshake)
RELAY_WEECHAT_PROTOCOL_CALLBACK(init)
{
char **options, *pos, *relay_password, *totp_secret, *info_totp_args, *info_totp;
int i, length, password_received, totp_received;
char **options, *pos, *relay_password, *totp_secret;
char *info_totp_args, *info_totp, **ptr_option;
int length, password_received, totp_received;
RELAY_WEECHAT_PROTOCOL_MIN_ARGS(0);
@@ -384,26 +385,26 @@ RELAY_WEECHAT_PROTOCOL_CALLBACK(init)
weechat_string_split_command (argv_eol[0], ',') : NULL;
if (options)
{
for (i = 0; options[i]; i++)
for (ptr_option = options; *ptr_option; ptr_option++)
{
pos = strchr (options[i], '=');
pos = strchr (*ptr_option, '=');
if (pos)
{
pos[0] = '\0';
pos++;
if (strcmp (options[i], "password") == 0)
if (strcmp (*ptr_option, "password") == 0)
{
password_received = 1;
if (relay_auth_password (client, pos, relay_password))
RELAY_WEECHAT_DATA(client, password_ok) = 1;
}
else if (strcmp (options[i], "password_hash") == 0)
else if (strcmp (*ptr_option, "password_hash") == 0)
{
password_received = 1;
if (relay_auth_password_hash (client, pos, relay_password))
RELAY_WEECHAT_DATA(client, password_ok) = 1;
}
else if (strcmp (options[i], "totp") == 0)
else if (strcmp (*ptr_option, "totp") == 0)
{
totp_received = 1;
if (totp_secret)