blackbeard420/weechat
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

irc: fix crash when a new message 005 is received with longer nick prefixes

Browse Source 
Thanks to Stuart Nevans Locke for reporting the issue.
This commit is contained in:
Sébastien Helleu 2020-02-14 08:11:02 +01:00
parent 51a739df61
commit 694b5c9f87
4 changed files with 62 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
ChangeLog.adoc
View File

@ -20,6 +20,7 @@ https://weechat.org/files/releasenotes/ReleaseNotes-devel.html[release notes]
Bug fixes::
* irc: fix crash when a new message 005 is received with longer nick prefixes
* irc: fix crash when receiving a malformed message 324 (channel mode) (CVE-2020-8955)
[[v2.7]]

47
src/plugins/irc/irc-nick.c
View File

@ -643,6 +643,53 @@ irc_nick_set_mode (struct t_irc_server *server, struct t_irc_channel *channel,
}
}
/*
* Reallocates the "prefixes" string in all nicks of all channels on the server
* (after 005 has been received).
*/
void
irc_nick_realloc_prefixes (struct t_irc_server *server,
int old_length, int new_length)
{
struct t_irc_channel *ptr_channel;
struct t_irc_nick *ptr_nick;
char *new_prefixes;
for (ptr_channel = server->channels; ptr_channel;
ptr_channel = ptr_channel->next_channel)
{
for (ptr_nick = ptr_channel->nicks; ptr_nick;
ptr_nick = ptr_nick->next_nick)
{
if (ptr_nick->prefixes)
{
new_prefixes = realloc (ptr_nick->prefixes, new_length + 1);
if (new_prefixes)
{
ptr_nick->prefixes = new_prefixes;
if (new_length > old_length)
{
memset (ptr_nick->prefixes + old_length,
' ',
new_length - old_length);
}
ptr_nick->prefixes[new_length] = '\0';
}
}
else
{
ptr_nick->prefixes = malloc (new_length + 1);
if (ptr_nick->prefixes)
{
memset (ptr_nick->prefixes, ' ', new_length);
ptr_nick->prefixes[new_length] = '\0';
}
}
}
}
}
/*
* Removes a nick from a channel.
*/

2
src/plugins/irc/irc-nick.h
View File

@ -74,6 +74,8 @@ extern void irc_nick_change (struct t_irc_server *server,
extern void irc_nick_set_mode (struct t_irc_server *server,
struct t_irc_channel *channel,
struct t_irc_nick *nick, int set, char mode);
extern void irc_nick_realloc_prefixes (struct t_irc_server *server,
int old_length, int new_length);
extern void irc_nick_free (struct t_irc_server *server,
struct t_irc_channel *channel,
struct t_irc_nick *nick);

13
src/plugins/irc/irc-server.c
View File

@ -988,11 +988,15 @@ irc_server_set_prefix_modes_chars (struct t_irc_server *server,
const char *prefix)
{
char *pos;
int i, length_modes, length_chars;
int i, old_length_chars, length_modes, length_chars;
if (!server || !prefix)
return;
old_length_chars = (server->prefix_chars) ?
strlen (server->prefix_chars) :
strlen (irc_server_prefix_chars_default);
/* free previous values */
if (server->prefix_modes)
{
@ -1032,6 +1036,13 @@ irc_server_set_prefix_modes_chars (struct t_irc_server *server,
}
}
}
length_chars = (server->prefix_chars) ?
strlen (server->prefix_chars) :
strlen (irc_server_prefix_chars_default);
if (length_chars != old_length_chars)
irc_nick_realloc_prefixes (server, old_length_chars, length_chars);
}
/*