security: fix remotely triggerable crash in SSL/TLS code

[ngircd.git] / src / ngircd / conn.c

diff --git a/src/ngircd/conn.c b/src/ngircd/conn.c
index eacbe5ae0fa5616a6a66528e2fefb1e8eb603f30..c6095a31c613bc5ca127d55b8723e15b836f1cca 100644 (file)
--- a/src/ngircd/conn.c
+++ b/src/ngircd/conn.c
@@ -1540,6 +1540,7 @@ Check_Connections(void)
         * if this doesn't help either, disconnect client. */
        CLIENT *c;
        CONN_ID i;
+       char msg[64];
 
        for (i = 0; i < Pool_Size; i++) {
                if (My_Connections[i].sock < 0)
@@ -1559,8 +1560,8 @@ Check_Connections(void)
                                        LogDebug
                                            ("Connection %d: Ping timeout: %d seconds.",
                                             i, Conf_PongTimeout);
-                                       Conn_Close(i, NULL, "Ping timeout",
-                                                  true);
+                                       snprintf(msg, sizeof(msg), "Ping timeout: %d seconds", Conf_PongTimeout);
+                                       Conn_Close(i, NULL, msg, true);
                                }
                        } else if (My_Connections[i].lastdata <
                                   time(NULL) - Conf_PingTimeout) {
@@ -1950,6 +1951,9 @@ Conn_GetClient( CONN_ID Idx )
 GLOBAL bool
 Conn_GetCipherInfo(CONN_ID Idx, char *buf, size_t len)
 {
+       if (Idx < 0)
+               return false;
+       assert(Idx < (int) array_length(&My_ConnArray, sizeof(CONNECTION)));
        return ConnSSL_GetCipherInfo(&My_Connections[Idx], buf, len);
 }
 
@@ -1957,6 +1961,9 @@ Conn_GetCipherInfo(CONN_ID Idx, char *buf, size_t len)
 GLOBAL bool
 Conn_UsesSSL(CONN_ID Idx)
 {
+       if (Idx < 0)
+               return false;
+       assert(Idx < (int) array_length(&My_ConnArray, sizeof(CONNECTION)));
        return Conn_OPTION_ISSET(&My_Connections[Idx], CONN_SSL);
 }
 #endif