core: fix possible buffer overflow in list of commands displayed by /help (issue #2330)
Fix: c.lang.security.insecure-use-strcat-fn.insecure-use-strcat-fn security vulnerability Found by OrbisAI Security
@@ -12,6 +12,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
- core: fix buffer overflow in connection to SOCKS5 proxy ([#2325](https://github.com/weechat/weechat/issues/2325))
|
||||
- core: fix possible buffer overflow in command /color alias ([#2330](https://github.com/weechat/weechat/issues/2330))
|
||||
- core: fix possible buffer overflow in list of commands displayed by /help ([#2330](https://github.com/weechat/weechat/issues/2330))
|
||||
- relay/api: fix memory leak in resources "handshake", "input" and "completion" ([GHSA-wmpc-m6g9-fwj8](https://github.com/weechat/weechat/security/advisories/GHSA-wmpc-m6g9-fwj8))
|
||||
- relay: fix read of uncompressed websocket frame ([#2331](https://github.com/weechat/weechat/issues/2331))
|
||||
- xfer: fix out-of-bounds write in xfer file transfer resume ([#2326](https://github.com/weechat/weechat/issues/2326))
|
||||
|
||||
+13
-11
@@ -2975,7 +2975,7 @@ command_help_list_plugin_commands (struct t_weechat_plugin *plugin,
|
||||
struct t_gui_buffer *ptr_buffer;
|
||||
int command_found, length, max_length, list_size;
|
||||
int cols, lines, col, line, index;
|
||||
char str_format[64], str_command[256], str_line[2048];
|
||||
char str_format[64], str_command[256], **str_line;
|
||||
|
||||
if (verbose)
|
||||
{
|
||||
@@ -3078,27 +3078,29 @@ command_help_list_plugin_commands (struct t_weechat_plugin *plugin,
|
||||
}
|
||||
|
||||
/* display lines with commands, in columns */
|
||||
for (line = 0; line < lines; line++)
|
||||
str_line = string_dyn_alloc (256);
|
||||
if (str_line)
|
||||
{
|
||||
str_line[0] = '\0';
|
||||
for (col = 0; col < cols; col++)
|
||||
for (line = 0; line < lines; line++)
|
||||
{
|
||||
index = (col * lines) + line;
|
||||
if (index < list_size)
|
||||
string_dyn_copy (str_line, NULL);
|
||||
for (col = 0; col < cols; col++)
|
||||
{
|
||||
item = weelist_get (list, index);
|
||||
if (item)
|
||||
index = (col * lines) + line;
|
||||
if (index < list_size)
|
||||
{
|
||||
if (strlen (str_line) + strlen (weelist_string (item)) + 1 < (int)sizeof (str_line))
|
||||
item = weelist_get (list, index);
|
||||
if (item)
|
||||
{
|
||||
snprintf (str_command, sizeof (str_command),
|
||||
str_format, weelist_string (item));
|
||||
strcat (str_line, str_command);
|
||||
string_dyn_concat (str_line, str_command, -1);
|
||||
}
|
||||
}
|
||||
}
|
||||
gui_chat_printf (NULL, "%s", *str_line);
|
||||
}
|
||||
gui_chat_printf (NULL, "%s", str_line);
|
||||
string_dyn_free (str_line, 1);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
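Review bot: The return values of `string_dyn_copy` and `string_dyn_concat` in the new row loop are ignored, so if growing the dynamic string fails the row is still passed to `gui_chat_printf` with commands silently missing; both calls report failure through their return value (0, as far as I know), which could be checked, e.g. `if (!string_dyn_concat (str_line, str_command, -1)) break;`. Separately, `str_command[256]` remains a fixed buffer: `snprintf` bounds the write, so there is no overflow, but a padded command wider than 255 bytes is truncated without notice and the columns would no longer line up. `str_format` and `max_length` are built earlier in `command_help_list_plugin_commands`, outside this hunk, so whether that width can be reached is not visible here. A one-line comment above `string_dyn_alloc (256)` such as `/* dynamic string: a row of padded command names has no fixed upper bound */` would record why the stack buffer was dropped.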