Fix oob read caused by ptr[0] being NULL in inbound_notice

If ptr[0] is NULL, then strchr may return a pointer to the NULL terminator for serv->nick_prefixes, making the if statement true, which then leads to the pointer increment leaving ptr oob. Now we check to ensure ptr[0] != NULL. From the Linux manpages for strchr: The terminating null byte is considered part of the string, so that if c is specified as '\0', these functions return a pointer to the terminator.
author: Joseph Bisch <joseph.bisch@gmail.com> 2017-09-18 21:40:57 -0400
committer: TingPing <tingping@tingping.se> 2017-09-18 22:01:48 -0400
commit: f4a592c4f0364d35068bca9f2634946750340356 (patch)
tree: db6e2996b8fc025a77ea9e1740aa07f0a3868061
parent: a388d0c553f495719204662515945b4c6e0cbdad (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/common/inbound.c b/src/common/inbound.c
index fae0fd34..86442fa8 100644
--- a/src/common/inbound.c
+++ b/src/common/inbound.c
@@ -940,7 +940,7 @@ inbound_notice (server *serv, char *to, char *nick, char *msg, char *ip, int id,
 		sess = find_channel (serv, ptr);
 
 	/* /notice [mode-prefix]#channel should end up in that channel */
-	if (!sess && strchr(serv->nick_prefixes, ptr[0]) != NULL)
+	if (!sess && ptr[0] && strchr(serv->nick_prefixes, ptr[0]) != NULL)
 	{
 		ptr++;
 		sess = find_channel (serv, ptr);
author	Joseph Bisch <joseph.bisch@gmail.com>	2017-09-18 21:40:57 -0400
committer	TingPing <tingping@tingping.se>	2017-09-18 22:01:48 -0400
commit	f4a592c4f0364d35068bca9f2634946750340356 (patch)
tree	db6e2996b8fc025a77ea9e1740aa07f0a3868061
parent	a388d0c553f495719204662515945b4c6e0cbdad (diff)