(I hope this is plaintext and not html, sorry if it is.)
handle_channels_input allocates a buffer without zeroing it, reads
input, and then proc_channels_input reads bytes that might be beyond
the end of the string.
The first patch handles inputs of '\n' and '/\n', and the second
handles '/j\n' since /j is the only command missing proper guards for
this. '/j \n' would attempt to join the master channel, which is
pointless, but I think that is already handled.
Received on Wed May 23 2018 - 02:47:25 CEST