diff options
author | Nei <ailin.nemui@gmail.com> | 2017-05-30 19:38:19 +0000 |
---|---|---|
committer | Nei <ailin.nemui@gmail.com> | 2017-05-30 19:38:19 +0000 |
commit | 84503427b072e5bb2830cd6a5b63849785587f41 (patch) | |
tree | cb8c77ed41e8fd0c25c96c65a58889bc2e144977 /src | |
parent | 10cea6169694808ab2bf2caf9451cfac2db0d9da (diff) | |
parent | 30a92754bb650c3dedd507d41110443142899a65 (diff) | |
download | irssi-84503427b072e5bb2830cd6a5b63849785587f41.zip |
Merge branch 'fix-gl8' into 'security'
Fix oob read of one byte in get_file_params_count
See merge request !12
Diffstat (limited to 'src')
-rw-r--r-- | src/irc/dcc/dcc-get.c | 2 | ||||
-rw-r--r-- | src/irc/dcc/dcc-resume.c | 2 |
2 files changed, 4 insertions, 0 deletions
diff --git a/src/irc/dcc/dcc-get.c b/src/irc/dcc/dcc-get.c index 73c1b864..eff516db 100644 --- a/src/irc/dcc/dcc-get.c +++ b/src/irc/dcc/dcc-get.c @@ -382,6 +382,8 @@ int get_file_params_count(char **params, int paramcount) if (*params[0] == '"') { /* quoted file name? */ for (pos = 0; pos < paramcount-3; pos++) { + if (strlen(params[pos]) == 0) + continue; if (params[pos][strlen(params[pos])-1] == '"' && get_params_match(params, pos+1)) return pos+1; diff --git a/src/irc/dcc/dcc-resume.c b/src/irc/dcc/dcc-resume.c index 36f84ddf..ce0ac925 100644 --- a/src/irc/dcc/dcc-resume.c +++ b/src/irc/dcc/dcc-resume.c @@ -62,6 +62,8 @@ int get_file_params_count_resume(char **params, int paramcount) if (*params[0] == '"') { /* quoted file name? */ for (pos = 0; pos < paramcount-2; pos++) { + if (strlen(params[pos]) == 0) + continue; if (params[pos][strlen(params[pos])-1] == '"' && get_params_match_resume(params, pos+1)) return pos+1; |