Skip to content
Permalink
Browse files

irc: fix crash when receiving a malformed message 324 (channel mode) …

…(CVE-2020-8955)

Thanks to Stuart Nevans Locke for reporting the issue.
  • Loading branch information
flashcode committed Feb 14, 2020
1 parent 410a12b commit 51a739df615f8ec66fbe1e9682ec3c3218254ad7
Showing with 19 additions and 9 deletions.
  1. +7 −0 ChangeLog.adoc
  2. +12 −9 src/plugins/irc/irc-mode.c
@@ -15,6 +15,13 @@ https://weechat.org/files/releasenotes/ReleaseNotes-devel.html[release notes]
(file _ReleaseNotes.adoc_ in sources).


[[v2.7.1]]
== Version 2.7.1 (under dev)

Bug fixes::

* irc: fix crash when receiving a malformed message 324 (channel mode) (CVE-2020-8955)

[[v2.7]]
== Version 2.7 (2019-12-08)

@@ -224,17 +224,20 @@ irc_mode_channel_update (struct t_irc_server *server,
current_arg++;
if (pos[0] == chanmode)
{
chanmode_found = 1;
if (set_flag == '+')
if (!chanmode_found)
{
str_mode[0] = pos[0];
str_mode[1] = '\0';
strcat (new_modes, str_mode);
if (argument)
chanmode_found = 1;
if (set_flag == '+')
{
if (new_args[0])
strcat (new_args, " ");
strcat (new_args, argument);
str_mode[0] = pos[0];
str_mode[1] = '\0';
strcat (new_modes, str_mode);
if (argument)
{
if (new_args[0])
strcat (new_args, " ");
strcat (new_args, argument);
}
}
}
}

0 comments on commit 51a739d

Please sign in to comment.
You can’t perform that action at this time.