mirror of
https://github.com/weechat/weechat.git
synced 2026-07-05 17:23:15 +02:00
core: fix possible buffer overflow in command /color alias (issue #2330)
Fix: c.lang.security.insecure-use-strcat-fn.insecure-use-strcat-fn security vulnerability Automated security fix generated by OrbisAI Security
This commit is contained in:
committed by
Sébastien Helleu
parent
031bc877cb
commit
aa77bff164
@@ -31,6 +31,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
- core: fix option weechat.look.color_real_white not applied when color is "white" on 16+ colors terminals ([#1742](https://github.com/weechat/weechat/issues/1742))
|
||||
- core: fix buffer overflow in connection to SOCKS5 proxy ([#2325](https://github.com/weechat/weechat/issues/2325))
|
||||
- core: fix possible buffer overflow in command /color alias ([#2330](https://github.com/weechat/weechat/issues/2330))
|
||||
- api: fix infinite loop in function string_replace when the search string is empty
|
||||
- irc: fix tag in message with list of names when joining a channel
|
||||
- fset: remove error displayed in core buffer when clicking with the mouse below the last option displayed
|
||||
|
||||
+6
-11
@@ -1700,17 +1700,12 @@ COMMAND_CALLBACK(color)
|
||||
else
|
||||
str_alias = argv[i];
|
||||
}
|
||||
str_color[0] = '\0';
|
||||
if (str_alias)
|
||||
{
|
||||
strcat (str_color, ";");
|
||||
strcat (str_color, str_alias);
|
||||
}
|
||||
if (str_rgb)
|
||||
{
|
||||
strcat (str_color, ";");
|
||||
strcat (str_color, str_rgb);
|
||||
}
|
||||
snprintf (str_color, sizeof (str_color),
|
||||
"%s%s%s%s",
|
||||
(str_alias) ? ";" : "",
|
||||
(str_alias) ? str_alias : "",
|
||||
(str_rgb) ? ";" : "",
|
||||
(str_rgb) ? str_rgb : "");
|
||||
|
||||
/* add color alias */
|
||||
snprintf (str_command, sizeof (str_command),
|
||||
|
||||
Reference in New Issue
Block a user