Anope IRC Services

Anope.org => Anope General => Topic started by: 4144 on December 06, 2006, 09:25:35 PM

Title: small bug
Post by: 4144 on December 06, 2006, 09:25:35 PM
Hello.
I found a potential bug in the file channels.c
This code:
Code:

            while (csmodes[(int) *s] != 0)
                *end2++ = csmodes[(int) *s++];
            *end2 = 0;

The size of csmodes is 128 bytes, but in some situations the variable 's' is a user nick. If a user uses localized nicks, the char at the *s location may have a code more than 128, and then csmodes[*s] reads memory outside the csmodes array.

Maybe it needs to be changed to this:
Code:

            while (((unsigned int) *s < 128) && (csmodes[(int) *s] != 0))
                *end2++ = csmodes[(int) *s++];
            *end2 = 0;


This code exists in Anope 1.6.4 and in Anope 1.7.17; other versions were not tested.
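
The index problem described in the post above, as an added example that is not part of the original post or of Anope's source: it shows the index the unchecked loop would compute for a non-ASCII byte, next to a bounded lookup. The table contents, the helper names `unchecked_index` and `copy_modes_checked`, the output-length limit and the sample nick are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define CSMODES_SIZE 128

/* Constructed stand-in for the 128-byte csmodes table (contents assumed). */
static char csmodes[CSMODES_SIZE];

static void init_csmodes(void)
{
    csmodes['@'] = 'o';
    csmodes['%'] = 'h';
    csmodes['+'] = 'v';
}

/* Index the unchecked loop would use for byte c: negative where char is
 * signed, 128..255 where it is unsigned. Neither is inside the table. */
static int unchecked_index(char c)
{
    return (int) c;
}

/* Hypothetical helper: translate leading prefix characters of s into mode
 * letters, stopping at the first byte that is outside the table or unmapped.
 * Returns the number of bytes consumed; out is always NUL-terminated. */
static size_t copy_modes_checked(const char *s, char *out, size_t outlen)
{
    size_t n = 0;
    if (outlen == 0)
        return 0;
    while (n + 1 < outlen) {
        unsigned char c = (unsigned char) s[n];
        if (c >= CSMODES_SIZE || csmodes[c] == 0)
            break;
        out[n] = csmodes[c];
        n++;
    }
    out[n] = '\0';
    return n;
}

int main(void)
{
    char out[8];
    init_csmodes();
    /* Constructed input: two prefix characters followed by UTF-8 bytes. */
    size_t n = copy_modes_checked("@+\xD0\xBD\xD0\xB8\xD0\xBA", out, sizeof out);
    printf("consumed=%zu modes=%s idx=%d\n", n, out, unchecked_index('\xD0'));
    return 0;
}
```

Converting to `unsigned char` before the comparison gives the same result whether the platform's plain `char` is signed or unsigned.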
Title:
Post by: heinz on December 06, 2006, 11:00:28 PM
Bug reports should be posted at http://bugs.anope.org so they are recorded and dealt with appropriately. Thanks.