I2PTunnel IRC Client: Prevent AIOOBE (ticket #1254)

2014-04-18 16:44:39 +00:00
parent 029198c213
commit 3930113f00
3 changed files with 12 additions and 3 deletions
--- a/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/irc/IRCFilter.java
+++ b/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/irc/IRCFilter.java
@@ -301,6 +301,8 @@ abstract class IRCFilter {
        // in addition to the CTCP version
        if("NOTICE".equals(command))
        {
+            if (field.length < 3)
+                return s;  // invalid, allow server response
            String msg = field[2];
            if(msg.startsWith(":DCC "))
                return filterDCCOut(field[0] + ' ' + field[1] + " :DCC ", msg.substring(5), helper);
@@ -310,8 +312,9 @@ abstract class IRCFilter {
        // Allow PRIVMSG, but block CTCP (except ACTION).
        if("PRIVMSG".equals(command) || "NOTICE".equals(command))
        {
-            String msg;
-            msg = field[2];
+            if (field.length < 3)
+                return s;  // invalid, allow server response
+            String msg = field[2];
        
            if(msg.indexOf(0x01) >= 0) // CTCP marker ^A can be anywhere, not just immediately after the ':'
            {
@@ -345,6 +348,8 @@ abstract class IRCFilter {
        }
        
        if("USER".equals(command)) {
+            if (field.length < 3)
+                return s;  // invalid, allow server response
            int idx = field[2].lastIndexOf(":");
            if(idx<0)
                return "USER user hostname localhost :realname";
--- a/history.txt
+++ b/history.txt
@@ -1,5 +1,6 @@
 2014-04-18 zzz
 * configclients: Don't allow console disable
+ * I2PTunnel IRC Client: Prevent AIOOBE (ticket #1254)
 * SusiMail:
   - Extend session expiration (ticket #1253)
   - Handle non-UTF8 encoding on header lines (ticket #508)
@@ -8,6 +9,9 @@
   - Remove sort-by-ID buttons
   - Hide "reload config" button unless config file is present
   - Increase default page size
+   - Don't force reconnection on folder view (ticket #1253)
+   - Button theme tweaks
+   - Only show logout button on folder view
   - Add dependency tracking to build

 2014-04-17 zzz
--- a/router/java/src/net/i2p/router/RouterVersion.java
+++ b/router/java/src/net/i2p/router/RouterVersion.java
@@ -18,7 +18,7 @@ public class RouterVersion {
    /** deprecated */
    public final static String ID = "Monotone";
    public final static String VERSION = CoreVersion.VERSION;
-    public final static long BUILD = 5;
+    public final static long BUILD = 6;

    /** for example "-test" */
    public final static String EXTRA = "";