mirror
/
ii
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

check input length before reading 

thanks halbeno and quinq for the patches and feedback.
This commit is contained in:
Hiltjo Posthuma 2018-07-23 21:42:59 +02:00
parent 51cb204eb2
commit b25423f765
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
ii.c
View File

@ -460,15 +460,21 @@ proc_channels_input(int ircfd, Channel *c, char *buf)
char *p = NULL; char *p = NULL;
size_t buflen; size_t buflen;
if (buf[0] != '/' && buf[0] != '\0') { if (buf[0] == '\0')
return;
if (buf[0] != '/') {
proc_channels_privmsg(ircfd, c, buf); proc_channels_privmsg(ircfd, c, buf);
return; return;
} }
msg[0] = '\0'; msg[0] = '\0';
if ((buflen = strlen(buf)) < 2)
return;
if (buf[2] == ' ' || buf[2] == '\0') { if (buf[2] == ' ' || buf[2] == '\0') {
buflen = strlen(buf);
switch (buf[1]) { switch (buf[1]) {
case 'j': /* join */ case 'j': /* join */
if (buflen < 3)
return;
if ((p = strchr(&buf[3], ' '))) /* password parameter */ if ((p = strchr(&buf[3], ' '))) /* password parameter */
*p = '\0'; *p = '\0';
if ((buf[3] == '#') || (buf[3] == '&') || (buf[3] == '+') || if ((buf[3] == '#') || (buf[3] == '&') || (buf[3] == '+') ||