diff options
author | ailin-nemui <ailin-nemui@users.noreply.github.com> | 2017-01-03 13:44:58 +0100 |
---|---|---|
committer | ailin-nemui <ailin-nemui@users.noreply.github.com> | 2017-01-03 13:44:58 +0100 |
commit | 78ba05985d8fed883a8b26ffef4878acdae58fff (patch) | |
tree | 733934527ce98cb4c9ecdd7fb20001650fabcd53 /src | |
parent | 01163710e71318c6c2fd3f797f6b878f92b7f97b (diff) | |
parent | 7a112e021724af582a06eed8f92fafb772438c13 (diff) | |
download | irssi-78ba05985d8fed883a8b26ffef4878acdae58fff.zip |
Merge branch 'security' into 'master'
See merge request !7
Diffstat (limited to 'src')
-rw-r--r-- | src/fe-common/core/formats.c | 10 | ||||
-rw-r--r-- | src/fe-text/term-terminfo.c | 13 | ||||
-rw-r--r-- | src/irc/core/irc-nicklist.c | 6 | ||||
-rw-r--r-- | src/irc/core/irc-queries.c | 2 |
4 files changed, 26 insertions, 5 deletions
diff --git a/src/fe-common/core/formats.c b/src/fe-common/core/formats.c index a58d839a..17c13a97 100644 --- a/src/fe-common/core/formats.c +++ b/src/fe-common/core/formats.c @@ -68,7 +68,7 @@ static void format_expand_code(const char **format, GString *out, int *flags) if (flags == NULL) { /* flags are being ignored - skip the code */ - while (**format != ']') + while (**format != ']' && **format != '\0') (*format)++; return; } @@ -246,6 +246,10 @@ int format_expand_styles(GString *out, const char **format, int *flags) case '[': /* code */ format_expand_code(format, out, flags); + if ((*format)[0] == '\0') + /* oops, reached end prematurely */ + (*format)--; + break; case 'x': case 'X': @@ -956,6 +960,7 @@ static const char *get_ansi_color(THEME_REC *theme, const char *str, str++; for (num2 = 0; i_isdigit(*str); str++) num2 = num2*10 + (*str-'0'); + if (*str == '\0') return start; switch (num2) { case 2: @@ -973,6 +978,8 @@ static const char *get_ansi_color(THEME_REC *theme, const char *str, for (; i_isdigit(*str); str++) num2 = (num2&~0xff) | (((num2&0xff) * 10 + (*str-'0'))&0xff); + + if (*str == '\0') return start; } if (i == -1) break; @@ -1001,6 +1008,7 @@ static const char *get_ansi_color(THEME_REC *theme, const char *str, str++; for (num2 = 0; i_isdigit(*str); str++) num2 = num2*10 + (*str-'0'); + if (*str == '\0') return start; if (num == 38) { flags &= ~GUI_PRINT_FLAG_COLOR_24_FG; diff --git a/src/fe-text/term-terminfo.c b/src/fe-text/term-terminfo.c index b2478c62..3098a4e4 100644 --- a/src/fe-text/term-terminfo.c +++ b/src/fe-text/term-terminfo.c @@ -539,9 +539,16 @@ int term_addstr(TERM_WINDOW *window, const char *str) if (term_type == TERM_TYPE_UTF8) { while (*ptr != '\0') { - tmp = g_utf8_get_char(ptr); - len += unichar_isprint(tmp) ? mk_wcwidth(tmp) : 1; - ptr = g_utf8_next_char(ptr); + tmp = g_utf8_get_char_validated(ptr, -1); + /* On utf8 error, treat as single byte and try to + continue interpretting rest of string as utf8 */ + if (tmp == (gunichar)-1 || tmp == (gunichar)-2) { + len++; + ptr++; + } else { + len += unichar_isprint(tmp) ? mk_wcwidth(tmp) : 1; + ptr = g_utf8_next_char(ptr); + } } } else len = raw_len; diff --git a/src/irc/core/irc-nicklist.c b/src/irc/core/irc-nicklist.c index b22f3269..1cb1f3e9 100644 --- a/src/irc/core/irc-nicklist.c +++ b/src/irc/core/irc-nicklist.c @@ -314,7 +314,11 @@ static void event_whois_ircop(SERVER_REC *server, const char *data) static void event_nick_invalid(IRC_SERVER_REC *server, const char *data) { if (!server->connected) - server_disconnect((SERVER_REC *) server); + /* we used to call server_disconnect but that crashes + irssi because of undefined memory access. instead, + indicate that the connection should be dropped and + let the irc method to the clean-up. */ + server->connection_lost = server->no_reconnect = TRUE; } static void event_nick_in_use(IRC_SERVER_REC *server, const char *data) diff --git a/src/irc/core/irc-queries.c b/src/irc/core/irc-queries.c index b611e621..64995ead 100644 --- a/src/irc/core/irc-queries.c +++ b/src/irc/core/irc-queries.c @@ -45,6 +45,8 @@ QUERY_REC *irc_query_find(IRC_SERVER_REC *server, const char *nick) { GSList *tmp; + g_return_val_if_fail(nick != NULL, NULL); + for (tmp = server->queries; tmp != NULL; tmp = tmp->next) { QUERY_REC *rec = tmp->data; |