From e15f659277f44ddb1f5b132d8e0f5ecf5cc4062f Mon Sep 17 00:00:00 2001 From: Michael Vetter Date: Fri, 27 Feb 2026 20:25:10 +0100 Subject: [PATCH] fix: Fix NULL dereference and memory leak in _mam_rsm_id_handler Add NULL checks before calling 'strlen' and also ensures that the string is long enough before attempting to offset it by 3. --- src/xmpp/iq.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/src/xmpp/iq.c b/src/xmpp/iq.c index 48f5e9f0..b943286e 100644 --- a/src/xmpp/iq.c +++ b/src/xmpp/iq.c @@ -2783,13 +2783,17 @@ _mam_rsm_id_handler(xmpp_stanza_t* const stanza, void* const userdata) if (data->start_datestr) { start_str = strdup(data->start_datestr); // Convert to iso8601 - start_str[strlen(start_str) - 3] = '\0'; + if (start_str && strlen(start_str) >= 3) { + start_str[strlen(start_str) - 3] = '\0'; + } } - char* end_str = NULL; + auto_char char* end_str = NULL; if (data->end_datestr) { end_str = strdup(data->end_datestr); // Convert to iso8601 - end_str[strlen(end_str) - 3] = '\0'; + if (end_str && strlen(end_str) >= 3) { + end_str[strlen(end_str) - 3] = '\0'; + } } if (is_complete || !data->fetch_next) {