Merge branch 'fix-gl8' into 'security'

Fix oob read of one byte in get_file_params_count See merge request !12
author: Nei <ailin.nemui@gmail.com> 2017-05-30 19:38:19 +0000
committer: Nei <ailin.nemui@gmail.com> 2017-05-30 19:38:19 +0000
commit: 84503427b072e5bb2830cd6a5b63849785587f41 (patch)
tree: cb8c77ed41e8fd0c25c96c65a58889bc2e144977 /src/irc
parent: 10cea6169694808ab2bf2caf9451cfac2db0d9da (diff)
parent: 30a92754bb650c3dedd507d41110443142899a65 (diff)
download: irssi-84503427b072e5bb2830cd6a5b63849785587f41.zip
2 files changed, 4 insertions, 0 deletions
diff --git a/src/irc/dcc/dcc-get.c b/src/irc/dcc/dcc-get.c
index 73c1b864..eff516db 100644
--- a/src/irc/dcc/dcc-get.c
+++ b/src/irc/dcc/dcc-get.c
@@ -382,6 +382,8 @@ int get_file_params_count(char **params, int paramcount)
 	if (*params[0] == '"') {
 		/* quoted file name? */
 		for (pos = 0; pos < paramcount-3; pos++) {
+			if (strlen(params[pos]) == 0)
+				continue;
 			if (params[pos][strlen(params[pos])-1] == '"' &&
 			    get_params_match(params, pos+1))
 				return pos+1;
diff --git a/src/irc/dcc/dcc-resume.c b/src/irc/dcc/dcc-resume.c
index 36f84ddf..ce0ac925 100644
--- a/src/irc/dcc/dcc-resume.c
+++ b/src/irc/dcc/dcc-resume.c
@@ -62,6 +62,8 @@ int get_file_params_count_resume(char **params, int paramcount)
 	if (*params[0] == '"') {
 		/* quoted file name? */
 		for (pos = 0; pos < paramcount-2; pos++) {
+			if (strlen(params[pos]) == 0)
+				continue;
 			if (params[pos][strlen(params[pos])-1] == '"' &&
 			    get_params_match_resume(params, pos+1))
 				return pos+1;
author	Nei <ailin.nemui@gmail.com>	2017-05-30 19:38:19 +0000
committer	Nei <ailin.nemui@gmail.com>	2017-05-30 19:38:19 +0000
commit	84503427b072e5bb2830cd6a5b63849785587f41 (patch)
tree	cb8c77ed41e8fd0c25c96c65a58889bc2e144977 /src/irc
parent	10cea6169694808ab2bf2caf9451cfac2db0d9da (diff)
parent	30a92754bb650c3dedd507d41110443142899a65 (diff)
download	irssi-84503427b072e5bb2830cd6a5b63849785587f41.zip