Skip to content

Commit

Permalink
Sanitize message tag parsing
Browse files Browse the repository at this point in the history
  • Loading branch information
@progval
progval committed Oct 24, 2021
1 parent b994924 commit 30d26f3
Showing 1 changed file with 10 additions and 1 deletion.
11 changes: 10 additions & 1 deletion src/sirc/sirc_parse.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -119,14 +119,23 @@ SircMessage* sirc_parse(char *line){
}

imsg->ntags = ntags;
imsg->tags = g_malloc_n(ntags, sizeof(SircMessageTag));
imsg->tags = g_malloc0_n(ntags, sizeof(SircMessageTag));
size_t i=0;
char current_tag_key[TAGS_SIZE_LIMIT];
char current_tag_value[TAGS_SIZE_LIMIT];
char *current_tag_key_ptr = current_tag_key;
char *current_tag_value_ptr = current_tag_value;
gboolean in_key = TRUE;
for (char *p=tags_ptr; ; p++){
if (*p == '\0') {
ERR_FR("Unexpected null byte in message tags");
goto bad;
}
if (p >= (tags_ptr + TAGS_SIZE_LIMIT)) {
ERR_FR("Message tag exceeds maximum size");
goto bad;
}

if (*p == ';' || *p == ' '){
/* next tag or end of tags*/
in_key = TRUE;
Expand Down

0 comments on commit 30d26f3

Please sign in to comment.