patch 9.2.0498: potential heap buffer overflow in if_xcmdsrv.c

author Foxe Chen <chen.foxe@gmail.com>

Sun, 17 May 2026 20:42:20 +0000 (20:42 +0000)

committer Christian Brabandt <cb@256bit.org>

Sun, 17 May 2026 20:42:20 +0000 (20:42 +0000)
author Foxe Chen <chen.foxe@gmail.com>
Sun, 17 May 2026 20:42:20 +0000 (20:42 +0000)
committer Christian Brabandt <cb@256bit.org>
Sun, 17 May 2026 20:42:20 +0000 (20:42 +0000)
diff --git a/src/if_xcmdsrv.c b/src/if_xcmdsrv.c

index 070e0db099456540bdc978fe147ec21d4cffe927..43e1e34070ba48a5f480ce555a39ffbaa3d9afed 100644 (file)
--- a/src/if_xcmdsrv.c
+++ b/src/if_xcmdsrv.c
@@ -1333,7 +1333,7 @@ server_parse_message(
  
                         // Initialize the result property.
                         ga_init2(&reply, 1, 100);
-                       (void)ga_grow(&reply, 50 + STRLEN(p_enc));
+                       (void)ga_grow(&reply, 50 + STRLEN(p_enc) + STRLEN(serial));
                         sprintf(reply.ga_data, "%cr%c-E %s%c-s %s%c-r ",
                                                    0, 0, p_enc, 0, serial, 0);
                         reply.ga_len = 14 + STRLEN(p_enc) + STRLEN(serial);
diff --git a/src/version.c b/src/version.c

index 2eaaa45624879028adfd1b65172ef348dae8bcc2..f348ffc9ef52e54ee2ec01b4c6ec245b6b4dff56 100644 (file)
--- a/src/version.c
+++ b/src/version.c
@@ -729,6 +729,8 @@ static char *(features[]) =
  
  static int included_patches[] =
  {   /* Add new patch number below this line */
+/**/
+    498,
  /**/
      497,
  /**/
author	Foxe Chen <chen.foxe@gmail.com>
	Sun, 17 May 2026 20:42:20 +0000 (20:42 +0000)
committer	Christian Brabandt <cb@256bit.org>
	Sun, 17 May 2026 20:42:20 +0000 (20:42 +0000)
src/if_xcmdsrv.c		patch \| blob \| blame \| history
src/version.c		patch \| blob \| blame \| history