From 30a92754bb650c3dedd507d41110443142899a65 Mon Sep 17 00:00:00 2001
From: Joseph Bisch <joseph.bisch@gmail.com>
Date: Mon, 29 May 2017 14:43:24 -0400
Subject: [PATCH] Fix oob read of one byte in get_file_params_count{,_resume}
We can use continue to handle cases such as:
"ab<space><space>c"
---
src/irc/dcc/dcc-get.c | 2 ++
src/irc/dcc/dcc-resume.c | 2 ++
2 files changed, 4 insertions(+)
Index: irssi-0.8.20/src/irc/dcc/dcc-get.c
===================================================================
--- irssi-0.8.20.orig/src/irc/dcc/dcc-get.c 2017-06-08 15:14:26.452152546 -0400
+++ irssi-0.8.20/src/irc/dcc/dcc-get.c 2017-06-08 15:14:26.452152546 -0400
@@ -374,6 +374,8 @@ int get_file_params_count(char **params,
if (*params[0] == '"') {
/* quoted file name? */
for (pos = 0; pos < paramcount-3; pos++) {
+ if (strlen(params[pos]) == 0)
+ continue;
if (params[pos][strlen(params[pos])-1] == '"' &&
get_params_match(params, pos+1))
return pos+1;
Index: irssi-0.8.20/src/irc/dcc/dcc-resume.c
===================================================================
--- irssi-0.8.20.orig/src/irc/dcc/dcc-resume.c 2017-06-08 15:14:26.452152546 -0400
+++ irssi-0.8.20/src/irc/dcc/dcc-resume.c 2017-06-08 15:14:26.452152546 -0400
@@ -62,6 +62,8 @@ int get_file_params_count_resume(char **
if (*params[0] == '"') {
/* quoted file name? */
for (pos = 0; pos < paramcount-2; pos++) {
+ if (strlen(params[pos]) == 0)
+ continue;
if (params[pos][strlen(params[pos])-1] == '"' &&
get_params_match_resume(params, pos+1))
return pos+1;
distrib
>
Mageia
>
5
>
x86_64
>
media
>
core-updates-src
>
by-pkgid
>
01b013293136707633b83f61972e1aae
>
files
>
4
