Anope IRC Services
Anope.org => Anope General => Topic started by: 4144 on December 06, 2006, 09:25:35 PM
-
Hello.
I found a potential bug in the file channels.c.
This code:
while (csmodes[(int) *s] != 0)
    *end2++ = csmodes[(int) *s++];
*end2 = 0;
The size of csmodes is 128 bytes, but in some situations the variable 's' is a user nick. If the user uses localized nicks, the char at the *s location may have a code of more than 128, and then csmodes[*s] reads memory outside the csmodes array.
Maybe it needs to be changed to this:
while (((unsigned int) *s < 128) && (csmodes[(int) *s] != 0))
    *end2++ = csmodes[(int) *s++];
*end2 = 0;
This code exists in Anope 1.6.4 and in Anope 1.7.17; other versions were not tested.
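The bounds check described in the post above, as an added example that is not part of the original post and is not Anope's code: `demo_table` and `map_modes` are hypothetical stand-ins for `csmodes` and the loop, and the sketch goes one step beyond the post by also bounding the output buffer.

```c
#include <stddef.h>
#include <stdio.h>

#define TABLE_SIZE 128   /* table size stated in the post */

/* Hypothetical stand-in for csmodes: only two entries are populated. */
static char demo_table[TABLE_SIZE] = { ['a'] = 'A', ['b'] = 'B' };

/*
 * Copy mapped characters from s into out until an unmapped byte, a byte
 * outside the table, or a full output buffer. Returns the bytes consumed.
 */
static size_t map_modes(const char *s, char *out, size_t outsz)
{
    size_t n = 0;

    if (outsz == 0)
        return 0;
    while (n + 1 < outsz) {
        /* Read through unsigned char so a byte such as 0xE9 indexes as
         * 233; a signed char would produce a negative index instead. */
        unsigned char c = (unsigned char) s[n];

        if (c >= TABLE_SIZE || demo_table[c] == 0)
            break;              /* also stops at the terminating NUL */
        out[n] = demo_table[c];
        n++;
    }
    out[n] = '\0';
    return n;
}

int main(void)
{
    /* Constructed input: "ab" followed by a Latin-1 byte above 127. */
    const char nick[] = { 'a', 'b', (char) 0xE9, 'a', '\0' };
    char out[8];
    size_t used = map_modes(nick, out, sizeof out);

    printf("consumed=%zu mapped=\"%s\"\n", used, out);
    return 0;
}
```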
-
Bug reports should be posted at http://bugs.anope.org so they are recorded and dealt with appropriately. Thanks.