Re: topiclen fix
tisdag 16 januari 2001 23:16 skrev du:
> On Tue, Jan 16, 2001 at 11:11:13PM +0100, Per von Zweigbergk wrote:
> > I could look into that. It shouldn't be very hard. Or maybe it will, if
> > the pointer to the topic is stored somewhere else than in the channel
> > struct.
>
> It is not hard, I think fiction is already working on that.
>
> p.
Well... I've already written a patch on this. I don't have anywhere to test
it, but it *should* work. If it doesn't, it's probably some null pointer
somewhere.
This might introduce some buffer overflow remote exploits, because I don't
check bounds anywhere, but I assume this won't ever be triggered, because the
maximum message length that a user can send to the server is fixed. This
might also introduce a memory leak or two.
Apply it from the top of the source tree with patch -p1.
/pv2b
diff -ur irc2.10.3p1/common/struct_def.h irc2.10.3p1+infinitetopic/common/struct_def.h
--- irc2.10.3p1/common/struct_def.h Wed Jun 7 00:32:57 2000
+++ irc2.10.3p1+infinitetopic/common/struct_def.h Wed Jan 17 00:47:44 2001
@@ -567,7 +567,7 @@
struct Channel *nextch, *prevch, *hnextch;
u_int hashv; /* raw hash value */
Mode mode;
- char topic[TOPICLEN+1];
+ char *topic;
int users; /* current membership total */
Link *members; /* channel members */
Link *invites; /* outstanding invitations */
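Review bot: The new `char *topic;` member has no comment saying who owns the allocation or whether it may be NULL, yet the channel.c hunks rely on it always pointing at a NUL-terminated heap string. I would write it as `char *topic; /* heap-allocated, NUL-terminated, never NULL; freed with the channel */`. Any code outside this patch that still uses `sizeof(chptr->topic)` or copies into the field in place will keep compiling but now sees the size of a pointer, so those call sites need to be found by search. The struct definition starts and ends outside the hunk.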
diff -ur irc2.10.3p1/ircd/channel.c irc2.10.3p1+infinitetopic/ircd/channel.c
--- irc2.10.3p1/ircd/channel.c Wed Jun 7 00:34:27 2000
+++ irc2.10.3p1+infinitetopic/ircd/channel.c Wed Jan 17 00:48:33 2001
@@ -564,50 +564,49 @@
MODE_QUIET;
chptr = get_channel(mp, "&ERRORS", CREATE);
- strcpy(chptr->topic, "SERVER MESSAGES: server errors");
+ chptr->topic = strdup("SERVER MESSAGES: server errors");
add_user_to_channel(chptr, mp, CHFL_CHANOP);
chptr->mode.mode = smode;
chptr = get_channel(mp, "&NOTICES", CREATE);
- strcpy(chptr->topic, "SERVER MESSAGES: warnings and notices");
+ chptr->topic = strdup("SERVER MESSAGES: warnings and notices");
add_user_to_channel(chptr, mp, CHFL_CHANOP);
chptr->mode.mode = smode;
chptr = get_channel(mp, "&KILLS", CREATE);
- strcpy(chptr->topic, "SERVER MESSAGES: operator and server kills");
+ chptr->topic = strdup("SERVER MESSAGES: operator and server kills");
add_user_to_channel(chptr, mp, CHFL_CHANOP);
chptr->mode.mode = smode;
chptr = get_channel(mp, "&CHANNEL", CREATE);
- strcpy(chptr->topic, "SERVER MESSAGES: fake modes");
+ chptr->topic = strdup("SERVER MESSAGES: fake modes");
add_user_to_channel(chptr, mp, CHFL_CHANOP);
chptr->mode.mode = smode;
chptr = get_channel(mp, "&NUMERICS", CREATE);
- strcpy(chptr->topic, "SERVER MESSAGES: numerics received");
+ chptr->topic = strdup("SERVER MESSAGES: numerics received");
add_user_to_channel(chptr, mp, CHFL_CHANOP);
chptr->mode.mode = smode;
chptr = get_channel(mp, "&SERVERS", CREATE);
- strcpy(chptr->topic, "SERVER MESSAGES: servers joining and leaving");
+ chptr->topic = strdup("SERVER MESSAGES: servers joining and leaving");
add_user_to_channel(chptr, mp, CHFL_CHANOP);
chptr->mode.mode = smode;
chptr = get_channel(mp, "&HASH", CREATE);
- strcpy(chptr->topic, "SERVER MESSAGES: hash tables growth");
+ chptr->topic = strdup("SERVER MESSAGES: hash tables growth");
add_user_to_channel(chptr, mp, CHFL_CHANOP);
chptr->mode.mode = smode;
chptr = get_channel(mp, "&LOCAL", CREATE);
- strcpy(chptr->topic, "SERVER MESSAGES: notices about local connections");
+ chptr->topic = strdup("SERVER MESSAGES: notices about local connections");
add_user_to_channel(chptr, mp, CHFL_CHANOP);
chptr->mode.mode = smode;
chptr = get_channel(mp, "&SERVICES", CREATE);
- strcpy(chptr->topic, "SERVER MESSAGES: services joining and leaving");
+ chptr->topic = strdup("SERVER MESSAGES: services joining and leaving");
add_user_to_channel(chptr, mp, CHFL_CHANOP);
chptr->mode.mode = smode;
#if defined(USE_IAUTH)
chptr = get_channel(mp, "&AUTH", CREATE);
- strcpy(chptr->topic,
- "SERVER MESSAGES: messages from the authentication slave");
+ chptr->topic = strdup("SERVER MESSAGES: messages from the authentication slave");
add_user_to_channel(chptr, mp, CHFL_CHANOP);
chptr->mode.mode = smode;
#endif
chptr = get_channel(mp, "&DEBUG", CREATE);
- strcpy(chptr->topic, "SERVER MESSAGES: debug messages [you shouldn't be here! ;)]");
+ chptr->topic = strdup("SERVER MESSAGES: debug messages [you shouldn't be here! ;)]");
add_user_to_channel(chptr, mp, CHFL_CHANOP);
chptr->mode.mode = smode|MODE_SECRET;
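Review bot: Each `chptr->topic = strdup(...)` overwrites the one-byte buffer that the get_channel hunk now allocates for a new channel, so that buffer is leaked once per server channel; if get_channel returned an existing channel, its previous topic is lost the same way. The strdup() result is never checked, so an allocation failure leaves `topic` NULL for every later reader, and the same applies to the strdup() in the "setting a topic" hunk. Releasing first and checking afterwards covers both: `free(chptr->topic); chptr->topic = strdup("SERVER MESSAGES: server errors");` followed by a NULL check or the tree's own checked allocator. Because get_channel can now return NULL on the CREATE path, `chptr` is also dereferenced here without a test. The enclosing function starts and ends outside the hunk.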
@@ -1826,6 +1825,12 @@
chptr->prevch = NULL;
chptr->nextch = channel;
chptr->history = 0;
+ chptr->topic = malloc(1);
+ if (chptr->topic == NULL) {
+ free (chptr);
+ return NULL;
+ }
+ chptr->topic[0] = '\0';
channel = chptr;
(void)add_to_channel_hash_table(chname, chptr);
}
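Review bot: The early `return NULL;` gives get_channel a failure mode on the creation path that the callers visible in this patch do not handle; the server-channel setup dereferences the result immediately. The lines above the hunk are not visible, but if they have already linked the new channel into other state or counted it, `free (chptr)` leaves that state stale, so allocating the topic before any such step would be safer. The channel struct is released with `MyFree` in the later hunk, so I would use the same allocator family here rather than bare `malloc`/`free`. A comment such as `/* empty topic: topic is never NULL */` above the allocation would record the invariant the rest of the patch depends on.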
@@ -1946,8 +1951,10 @@
if (*chptr->chname == '!' && close_chid(chptr->chname+1))
cache_chid(chptr);
- else
+ else {
+ free (chptr->topic);
MyFree((char *)chptr);
+ }
}
}
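Review bot: The topic is freed only in the `else` branch, so a channel handed to `cache_chid(chptr)` keeps its topic allocation. cache_chid is not visible here; unless the code that later discards or reuses cached channels also frees `topic`, this leaks one string per cached channel, and a reused struct would carry a stale pointer. Freeing the topic before the `if` would cover both paths, provided cached entries never read `topic`. The mix of `free (chptr->topic)` and `MyFree((char *)chptr)` in one block is also worth making consistent. The enclosing function starts outside the hunk.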
@@ -2747,7 +2754,8 @@
else if ((chptr->mode.mode & MODE_TOPICLIMIT) == 0 ||
is_chan_op(sptr, chptr))
{ /* setting a topic */
- strncpyzt(chptr->topic, topic, sizeof(chptr->topic));
+ free (chptr->topic);
+ chptr->topic = strdup(topic);
sendto_match_servs(chptr, cptr,":%s TOPIC %s :%s",
parv[0], chptr->chname,
chptr->topic);
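Review bot: Replacing `strncpyzt(chptr->topic, topic, sizeof(chptr->topic))` with `strdup(topic)` removes the only explicit cap on a string supplied by a client or peer server, and the stored value is then formatted into `":%s TOPIC %s :%s"` together with a prefix and channel name. Whether sendto_match_servs and the other readers of `topic` bound their output is not visible in this hunk, so I would keep an explicit limit (truncate or reject above a configured maximum) rather than rely on the maximum input line length. The old topic is also freed before the copy is known to have succeeded; `char *t = strdup(topic);` then `if (t != NULL) { free(chptr->topic); chptr->topic = t; }` keeps the previous topic on failure. The enclosing function starts and ends outside the hunk.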