authorJoseph Bisch <joseph.bisch@gmail.com>2017-10-16 20:31:21 -0400
committerTingPing <tingping@tingping.se>2017-10-16 21:47:47 -0400
commita3db4e577307742965f5ba75daf03146164bd211 (patch)
tree719a5c2287485bf2e8bfdf27e03e57c20c09954b
parent1452e803fb5bde458fc3e6d2f1e130fd68c4bac9 (diff)
Fix oob read in ctcp_check
word[4] can be too short, so adding ctcp_offset to it puts the pointer
out of bounds. This results in an out-of-bounds (oob) read in ctcp_check.
-rw-r--r--src/common/ctcp.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/src/common/ctcp.c b/src/common/ctcp.c
index bf0a8e7f..a8e1ea8d 100644
--- a/src/common/ctcp.c
+++ b/src/common/ctcp.c
@@ -148,6 +148,9 @@ ctcp_handle (session *sess, char *to, char *nick, char *ip,
 		serv->p_nctcp (serv, nick, outbuf);
 	}
 
+	if (word[4][1] == '\0')
+		return;
+
 	if (!ctcp_check (sess, nick, word, word_eol, word[4] + ctcp_offset))
 	{
 		if (!g_ascii_strncasecmp (msg, "SOUND", 5))
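Review bot: The added guard `if (word[4][1] == '\0')` only establishes that word[4] holds at least two characters, while the very next statement passes `word[4] + ctcp_offset`, and ctcp_offset is assigned outside this hunk. If that offset can ever be larger than 2, the pointer handed to ctcp_check can still land past the terminator, and the guard itself indexes [1] without first looking at [0], which is only safe if an empty word[4] is backed by at least two bytes. Tying the check to the offset would cover both cases: `if (strlen (word[4]) < (size_t) ctcp_offset) return;`. A short comment such as `/* malformed CTCP: word[4] shorter than the prefix we skip */` would also record why the function returns silently here. ctcp_handle begins and ends outside the hunk, so the earlier uses of word[4] could not be checked from this page.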