[hackers] [ii][patch] Check input length before reading

From: Bryan Tweedle <blahone.zero_AT_gmail.com>
Date: Tue, 22 May 2018 18:47:25 -0600

(I hope this is plaintext and not html, sorry if it is.)

handle_channels_input allocates a buffer without zeroing it, reads
input, and then proc_channels_input reads bytes that might be beyond
the end of the string.
The first patch handles inputs of '\n' and '/\n', and the second
handles '/j\n' since /j is the only command missing proper guards for
this. '/j \n' would attempt to join the master channel, which is
pointless, but I think that is already handled.

Received on Wed May 23 2018 - 02:47:25 CEST

This archive was generated by hypermail 2.3.0 : Wed May 23 2018 - 02:48:23 CEST