albino
/
ngircd-tor
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

- replaced a lot of strcat() calls with strlcat() which is more secure.

This commit is contained in:
Alexander Barton 2002-12-26 16:48:14 +00:00
parent 0ced4181b0
commit 6626395c88
10 changed files with 73 additions and 69 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/ngircd/channel.c
View File

@ -17,7 +17,7 @@
#include "portab.h"
static char UNUSED id[] = "$Id: channel.c,v 1.40 2002/12/26 16:25:43 alex Exp $";
static char UNUSED id[] = "$Id: channel.c,v 1.41 2002/12/26 16:48:14 alex Exp $";
#include "imp.h"
#include <assert.h>
@ -494,7 +494,7 @@ Channel_ModeAdd( CHANNEL *Chan, CHAR Mode )
if( ! strchr( Chan->modes, x[0] ))
{
/* Client hat den Mode noch nicht -> setzen */
strcat( Chan->modes, x );
strlcat( Chan->modes, x, sizeof( Chan->modes ));
return TRUE;
}
else return FALSE;
@ -547,7 +547,7 @@ Channel_UserModeAdd( CHANNEL *Chan, CLIENT *Client, CHAR Mode )
if( ! strchr( cl2chan->modes, x[0] ))
{
/* Client hat den Mode noch nicht -> setzen */
strcat( cl2chan->modes, x );
strlcat( cl2chan->modes, x, sizeof( cl2chan->modes ));
return TRUE;
}
else return FALSE;

4
src/ngircd/client.c
View File

@ -17,7 +17,7 @@
#include "portab.h"
static char UNUSED id[] = "$Id: client.c,v 1.68 2002/12/26 16:25:43 alex Exp $";
static char UNUSED id[] = "$Id: client.c,v 1.69 2002/12/26 16:48:14 alex Exp $";
#include "imp.h"
#include <assert.h>
@ -465,7 +465,7 @@ Client_ModeAdd( CLIENT *Client, CHAR Mode )
if( ! strchr( Client->modes, x[0] ))
{
/* Client hat den Mode noch nicht -> setzen */
strcat( Client->modes, x );
strlcat( Client->modes, x, sizeof( Client->modes ));
return TRUE;
}
else return FALSE;

6
src/ngircd/conf.c
View File

@ -14,7 +14,7 @@
#include "portab.h"
static char UNUSED id[] = "$Id: conf.c,v 1.49 2002/12/26 16:25:43 alex Exp $";
static char UNUSED id[] = "$Id: conf.c,v 1.50 2002/12/26 16:48:14 alex Exp $";
#include "imp.h"
#include <assert.h>
@ -178,8 +178,8 @@ Set_Defaults( VOID )
strcpy( Conf_ServerAdmin2, "" );
strcpy( Conf_ServerAdminMail, "" );
strcpy( Conf_MotdFile, SYSCONFDIR );
strcat( Conf_MotdFile, MOTD_FILE );
strlcpy( Conf_MotdFile, SYSCONFDIR, sizeof( Conf_MotdFile ));
strlcat( Conf_MotdFile, MOTD_FILE, sizeof( Conf_MotdFile ));
Conf_ListenPorts_Count = 0;

4
src/ngircd/conn.c
View File

@ -14,7 +14,7 @@
#include "portab.h"
static char UNUSED id[] = "$Id: conn.c,v 1.107 2002/12/19 04:35:26 alex Exp $";
static char UNUSED id[] = "$Id: conn.c,v 1.108 2002/12/26 16:48:14 alex Exp $";
#include "imp.h"
#include <assert.h>
@ -495,7 +495,7 @@ va_dcl
if( NGIRCd_Sniffer ) Log( LOG_DEBUG, " -> connection %d: '%s'.", Idx, buffer );
#endif
strcat( buffer, "\r\n" );
strlcat( buffer, "\r\n", sizeof( buffer ));
ok = Conn_Write( Idx, buffer, strlen( buffer ));
My_Connections[Idx].msg_out++;

52
src/ngircd/irc-info.c
View File

@ -14,7 +14,7 @@
#include "portab.h"
static char UNUSED id[] = "$Id: irc-info.c,v 1.9 2002/12/22 23:30:33 alex Exp $";
static char UNUSED id[] = "$Id: irc-info.c,v 1.10 2002/12/26 16:48:14 alex Exp $";
#include "imp.h"
#include <assert.h>
@ -104,8 +104,8 @@ IRC_ISON( CLIENT *Client, REQUEST *Req )
if( c && ( Client_Type( c ) == CLIENT_USER ))
{
/* Dieser Nick ist "online" */
strcat( rpl, ptr );
strcat( rpl, " " );
strlcat( rpl, ptr, sizeof( rpl ));
strlcat( rpl, " ", sizeof( rpl ));
}
ptr = strtok( NULL, " " );
}
@ -302,8 +302,8 @@ IRC_NAMES( CLIENT *Client, REQUEST *Req )
if(( Client_Type( c ) == CLIENT_USER ) && ( Channel_FirstChannelOf( c ) == NULL ) && ( ! strchr( Client_Modes( c ), 'i' )))
{
/* Okay, das ist ein User: anhaengen */
if( rpl[strlen( rpl ) - 1] != ':' ) strcat( rpl, " " );
strcat( rpl, Client_ID( c ));
if( rpl[strlen( rpl ) - 1] != ':' ) strlcat( rpl, " ", sizeof( rpl ));
strlcat( rpl, Client_ID( c ), sizeof( rpl ));
if( strlen( rpl ) > ( LINE_LEN - CLIENT_NICK_LEN - 4 ))
{
@ -464,15 +464,15 @@ IRC_USERHOST( CLIENT *Client, REQUEST *Req )
if( c && ( Client_Type( c ) == CLIENT_USER ))
{
/* Dieser Nick ist "online" */
strcat( rpl, Client_ID( c ));
if( Client_HasMode( c, 'o' )) strcat( rpl, "*" );
strcat( rpl, "=" );
if( Client_HasMode( c, 'a' )) strcat( rpl, "-" );
else strcat( rpl, "+" );
strcat( rpl, Client_User( c ));
strcat( rpl, "@" );
strcat( rpl, Client_Hostname( c ));
strcat( rpl, " " );
strlcat( rpl, Client_ID( c ), sizeof( rpl ));
if( Client_HasMode( c, 'o' )) strlcat( rpl, "*", sizeof( rpl ));
strlcat( rpl, "=", sizeof( rpl ));
if( Client_HasMode( c, 'a' )) strlcat( rpl, "-", sizeof( rpl ));
else strlcat( rpl, "+", sizeof( rpl ));
strlcat( rpl, Client_User( c ), sizeof( rpl ));
strlcat( rpl, "@", sizeof( rpl ));
strlcat( rpl, Client_Hostname( c ), sizeof( rpl ));
strlcat( rpl, " ", sizeof( rpl ));
}
}
if( rpl[strlen( rpl ) - 1] == ' ' ) rpl[strlen( rpl ) - 1] = '\0';
@ -572,7 +572,7 @@ IRC_WHO( CLIENT *Client, REQUEST *Req )
{
/* Flags zusammenbasteln */
strcpy( flags, "H" );
if( strchr( Client_Modes( c ), 'o' )) strcat( flags, "*" );
if( strchr( Client_Modes( c ), 'o' )) strlcat( flags, "*", sizeof( flags ));
/* ausgeben */
cl2chan = Channel_FirstChannelOf( c );
@ -644,10 +644,10 @@ IRC_WHOIS( CLIENT *Client, REQUEST *Req )
assert( chan != NULL );
/* Channel-Name anhaengen */
if( str[strlen( str ) - 1] != ':' ) strcat( str, " " );
if( strchr( Channel_UserModes( chan, c ), 'o' )) strcat( str, "@" );
else if( strchr( Channel_UserModes( chan, c ), 'v' )) strcat( str, "+" );
strcat( str, Channel_Name( chan ));
if( str[strlen( str ) - 1] != ':' ) strlcat( str, " ", sizeof( str ));
if( strchr( Channel_UserModes( chan, c ), 'o' )) strlcat( str, "@", sizeof( str ));
else if( strchr( Channel_UserModes( chan, c ), 'v' )) strlcat( str, "+", sizeof( str ));
strlcat( str, Channel_Name( chan ), sizeof( str ));
if( strlen( str ) > ( LINE_LEN - CHANNEL_NAME_LEN - 4 ))
{
@ -806,10 +806,10 @@ IRC_Send_NAMES( CLIENT *Client, CHANNEL *Chan )
if( is_member || is_visible )
{
/* Nick anhaengen */
if( str[strlen( str ) - 1] != ':' ) strcat( str, " " );
if( strchr( Channel_UserModes( Chan, cl ), 'o' )) strcat( str, "@" );
else if( strchr( Channel_UserModes( Chan, cl ), 'v' )) strcat( str, "+" );
strcat( str, Client_ID( cl ));
if( str[strlen( str ) - 1] != ':' ) strlcat( str, " ", sizeof( str ));
if( strchr( Channel_UserModes( Chan, cl ), 'o' )) strlcat( str, "@", sizeof( str ));
else if( strchr( Channel_UserModes( Chan, cl ), 'v' )) strlcat( str, "+", sizeof( str ));
strlcat( str, Client_ID( cl ), sizeof( str ));
if( strlen( str ) > ( LINE_LEN - CLIENT_NICK_LEN - 4 ))
{
@ -859,9 +859,9 @@ IRC_Send_WHO( CLIENT *Client, CHANNEL *Chan, BOOLEAN OnlyOps )
{
/* Flags zusammenbasteln */
strcpy( flags, "H" );
if( strchr( Client_Modes( c ), 'o' )) strcat( flags, "*" );
if( strchr( Channel_UserModes( Chan, c ), 'o' )) strcat( flags, "@" );
else if( strchr( Channel_UserModes( Chan, c ), 'v' )) strcat( flags, "+" );
if( strchr( Client_Modes( c ), 'o' )) strlcat( flags, "*", sizeof( flags ));
if( strchr( Channel_UserModes( Chan, c ), 'o' )) strlcat( flags, "@", sizeof( flags ));
else if( strchr( Channel_UserModes( Chan, c ), 'v' )) strlcat( flags, "+", sizeof( flags ));
/* ausgeben */
if(( ! OnlyOps ) || ( strchr( Client_Modes( c ), 'o' )))

30
src/ngircd/irc-mode.c
View File

@ -14,7 +14,7 @@
#include "portab.h"
static char UNUSED id[] = "$Id: irc-mode.c,v 1.24 2002/12/18 14:16:21 alex Exp $";
static char UNUSED id[] = "$Id: irc-mode.c,v 1.25 2002/12/26 16:48:14 alex Exp $";
#include "imp.h"
#include <assert.h>
@ -142,7 +142,8 @@ Client_Mode( CLIENT *Client, REQUEST *Req, CLIENT *Origin, CLIENT *Target )
else
{
/* Append modifier character to result string */
x[0] = *mode_ptr; strcat( the_modes, x );
x[0] = *mode_ptr;
strlcat( the_modes, x, sizeof( the_modes ));
}
if( *mode_ptr == '+' ) set = TRUE;
else set = FALSE;
@ -195,13 +196,13 @@ Client_Mode( CLIENT *Client, REQUEST *Req, CLIENT *Origin, CLIENT *Target )
if( set )
{
/* Set mode */
if( Client_ModeAdd( Target, x[0] )) strcat( the_modes, x );
if( Client_ModeAdd( Target, x[0] )) strlcat( the_modes, x, sizeof( the_modes ));
}
else
{
/* Unset mode */
if( Client_ModeDel( Target, x[0] )) strcat( the_modes, x );
if( Client_ModeDel( Target, x[0] )) strlcat( the_modes, x, sizeof( the_modes ));
}
}
client_exit:
@ -305,7 +306,8 @@ Channel_Mode( CLIENT *Client, REQUEST *Req, CLIENT *Origin, CHANNEL *Channel )
else
{
/* Append modifier character to result string */
x[0] = *mode_ptr; strcat( the_modes, x );
x[0] = *mode_ptr;
strlcat( the_modes, x, sizeof( the_modes ));
}
if( *mode_ptr == '+' ) set = TRUE;
else set = FALSE;
@ -480,8 +482,9 @@ Channel_Mode( CLIENT *Client, REQUEST *Req, CLIENT *Origin, CHANNEL *Channel )
/* Channel-User-Mode */
if( Channel_UserModeAdd( Channel, client, x[0] ))
{
strcat( the_args, Client_ID( client ));
strcat( the_args, " " ); strcat( the_modes, x );
strlcat( the_args, Client_ID( client ), sizeof( the_args ));
strlcat( the_args, " ", sizeof( the_args ));
strlcat( the_modes, x, sizeof( the_modes ));
Log( LOG_DEBUG, "User \"%s\": Mode change on %s, now \"%s\"", Client_Mask( client ), Channel_Name( Channel ), Channel_UserModes( Channel, client ));
}
}
@ -490,7 +493,7 @@ Channel_Mode( CLIENT *Client, REQUEST *Req, CLIENT *Origin, CHANNEL *Channel )
/* Channel-Mode */
if( Channel_ModeAdd( Channel, x[0] ))
{
strcat( the_modes, x );
strlcat( the_modes, x, sizeof( the_modes ));
Log( LOG_DEBUG, "Channel %s: Mode change, now \"%s\".", Channel_Name( Channel ), Channel_Modes( Channel ));
}
}
@ -503,8 +506,9 @@ Channel_Mode( CLIENT *Client, REQUEST *Req, CLIENT *Origin, CHANNEL *Channel )
/* Channel-User-Mode */
if( Channel_UserModeDel( Channel, client, x[0] ))
{
strcat( the_args, Client_ID( client ));
strcat( the_args, " " ); strcat( the_modes, x );
strlcat( the_args, Client_ID( client ), sizeof( the_args ));
strlcat( the_args, " ", sizeof( the_args ));
strlcat( the_modes, x, sizeof( the_modes ));
Log( LOG_DEBUG, "User \"%s\": Mode change on %s, now \"%s\"", Client_Mask( client ), Channel_Name( Channel ), Channel_UserModes( Channel, client ));
}
}
@ -513,7 +517,7 @@ Channel_Mode( CLIENT *Client, REQUEST *Req, CLIENT *Origin, CHANNEL *Channel )
/* Channel-Mode */
if( Channel_ModeDel( Channel, x[0] ))
{
strcat( the_modes, x );
strlcat( the_modes, x, sizeof( the_modes ));
Log( LOG_DEBUG, "Channel %s: Mode change, now \"%s\".", Channel_Name( Channel ), Channel_Modes( Channel ));
}
}
@ -522,8 +526,8 @@ Channel_Mode( CLIENT *Client, REQUEST *Req, CLIENT *Origin, CHANNEL *Channel )
/* Are there additional arguments to add? */
if( argadd[0] )
{
if( the_args[strlen( the_args ) - 1] != ' ' ) strcat( the_args, " " );
strcat( the_args, argadd );
if( the_args[strlen( the_args ) - 1] != ' ' ) strlcat( the_args, " ", sizeof( the_args ));
strlcat( the_args, argadd, sizeof( the_args ));
}
}
chan_exit:

10
src/ngircd/irc-server.c
View File

@ -14,7 +14,7 @@
#include "portab.h"
static char UNUSED id[] = "$Id: irc-server.c,v 1.25 2002/12/26 16:25:43 alex Exp $";
static char UNUSED id[] = "$Id: irc-server.c,v 1.26 2002/12/26 16:48:14 alex Exp $";
#include "imp.h"
#include <assert.h>
@ -195,10 +195,10 @@ IRC_SERVER( CLIENT *Client, REQUEST *Req )
assert( cl != NULL );
/* Nick, ggf. mit Modes, anhaengen */
if( str[strlen( str ) - 1] != ':' ) strcat( str, "," );
if( strchr( Channel_UserModes( chan, cl ), 'v' )) strcat( str, "+" );
if( strchr( Channel_UserModes( chan, cl ), 'o' )) strcat( str, "@" );
strcat( str, Client_ID( cl ));
if( str[strlen( str ) - 1] != ':' ) strlcat( str, ",", sizeof( str ));
if( strchr( Channel_UserModes( chan, cl ), 'v' )) strlcat( str, "+", sizeof( str ));
if( strchr( Channel_UserModes( chan, cl ), 'o' )) strlcat( str, "@", sizeof( str ));
strlcat( str, Client_ID( cl ), sizeof( str ));
if( strlen( str ) > ( LINE_LEN - CLIENT_NICK_LEN - 8 ))
{

18
src/ngircd/ngircd.c
View File

@ -14,7 +14,7 @@
#include "portab.h"
static char UNUSED id[] = "$Id: ngircd.c,v 1.67 2002/12/26 16:25:43 alex Exp $";
static char UNUSED id[] = "$Id: ngircd.c,v 1.68 2002/12/26 16:48:14 alex Exp $";
#include "imp.h"
#include <assert.h>
@ -73,8 +73,8 @@ main( int argc, const char *argv[] )
#ifdef SNIFFER
NGIRCd_Sniffer = FALSE;
#endif
strcpy( NGIRCd_ConfFile, SYSCONFDIR );
strcat( NGIRCd_ConfFile, CONFIG_FILE );
strlcpy( NGIRCd_ConfFile, SYSCONFDIR, sizeof( NGIRCd_ConfFile ));
strlcat( NGIRCd_ConfFile, CONFIG_FILE, sizeof( NGIRCd_ConfFile ));
/* Kommandozeile parsen */
for( i = 1; i < argc; i++ )
@ -376,12 +376,12 @@ NGIRCd_VersionAddition( VOID )
strcat( txt, "IRCPLUS" );
#endif
if( txt[0] ) strcat( txt, "-" );
strcat( txt, TARGET_CPU );
strcat( txt, "/" );
strcat( txt, TARGET_VENDOR );
strcat( txt, "/" );
strcat( txt, TARGET_OS );
if( txt[0] ) strlcat( txt, "-", sizeof( txt ));
strlcat( txt, TARGET_CPU, sizeof( txt ));
strlcat( txt, "/", sizeof( txt ));
strlcat( txt, TARGET_VENDOR, sizeof( txt ));
strlcat( txt, "/", sizeof( txt ));
strlcat( txt, TARGET_OS, sizeof( txt ));
return txt;
} /* NGIRCd_VersionAddition */

4
src/ngircd/ngircd.h
View File

@ -8,7 +8,7 @@
* (at your option) any later version.
* Please read the file COPYING, README and AUTHORS for more information.
*
* $Id: ngircd.h,v 1.18 2002/12/19 04:30:00 alex Exp $
* $Id: ngircd.h,v 1.19 2002/12/26 16:48:14 alex Exp $
*
* Prototypes of the "main module".
*/
@ -45,7 +45,7 @@ GLOBAL CHAR NGIRCd_DebugLevel[2]; /* Debug-Level fuer IRC_VERSION() */
GLOBAL CHAR NGIRCd_ConfFile[FNAME_LEN]; /* Konfigurationsdatei */
GLOBAL CHAR NGIRCd_ProtoID[1024]; /* Protokoll- und Server-Identifikation */
GLOBAL CHAR NGIRCd_ProtoID[COMMAND_LEN];/* Protokoll- und Server-Identifikation */
GLOBAL CHAR *NGIRCd_Version PARAMS((VOID ));

8
src/ngircd/parse.c
View File

@ -14,7 +14,7 @@
#include "portab.h"
static char UNUSED id[] = "$Id: parse.c,v 1.52 2002/12/18 13:53:20 alex Exp $";
static char UNUSED id[] = "$Id: parse.c,v 1.53 2002/12/26 16:48:14 alex Exp $";
#include "imp.h"
#include <assert.h>
@ -363,9 +363,9 @@ Handle_Request( CONN_ID Idx, REQUEST *Req )
strcpy( str, Req->command );
for( i = 0; i < Req->argc; i++ )
{
if( i < Req->argc - 1 ) strcat( str, " " );
else strcat( str, " :" );
strcat( str, Req->argv[i] );
if( i < Req->argc - 1 ) strlcat( str, " ", sizeof( str ));
else strlcat( str, " :", sizeof( str ));
strlcat( str, Req->argv[i], sizeof( str ));
}
return IRC_WriteStrClientPrefix( target, prefix, "%s", str );
}