fix truncation check - Githubissues

ergochat / ergo

A modern IRC server (daemon/ircd) written in Go.

https://ergo.chat/

MIT License

2.2k stars 175 forks source link

fix truncation check #2170

Closed slingamn closed 3 weeks ago

slingamn commented 3 weeks ago

The message target was not being counted :-(
The additional character added to the target by STATUSMSG was not counted

This will break irctest, but the irctest is actually wrong: https://github.com/progval/irctest/pull/281

slingamn commented 3 weeks ago

This is not a security issue because ircmsg will always fall back to truncating to <=512 bytes of valid UTF8, it's just an issue with the correctness of allow-truncation: false.