]> arthur.barton.de Git - ngircd-alex.git/commitdiff
projects / ngircd-alex.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7548aa0)
IRC_PART could reference invalid memory.
authorFlorian Westphal <fw@strlen.de>
Mon, 7 Jan 2008 11:42:00 +0000 (11:42 +0000)
committerFlorian Westphal <fw@strlen.de>
Mon, 7 Jan 2008 11:42:00 +0000 (11:42 +0000)
ChangeLog patch | blob | history
src/ngircd/irc-channel.c patch | blob | history

diff --git a/ChangeLog b/ChangeLog
index 28d3ada0ef94332987c64734b7650cc7a64e6cf5..d0d009a35219e9b790b559bd7c1cb9c3c6e4f569 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -12,6 +12,8 @@
 
 ngIRCd HEAD
 
 
 ngIRCd HEAD
 
+  - SECURITY: IRC_PART could reference invalid memory, causing
+    ngircd to crash.
   - Use dotted-decimal IP address if hostname is >= 64.
   - Add support for /STAT u (server uptime) command.
   - New [Server] configuration Option "Bind" allows to specify
   - Use dotted-decimal IP address if hostname is >= 64.
   - Add support for /STAT u (server uptime) command.
   - New [Server] configuration Option "Bind" allows to specify
@@ -724,4 +726,4 @@ ngIRCd 0.0.1, 31.12.2001
 
 
 -- 
 
 
 -- 
-$Id: ChangeLog,v 1.332 2008/01/02 11:31:48 alex Exp $
+$Id: ChangeLog,v 1.333 2008/01/07 11:42:00 fw Exp $
diff --git a/src/ngircd/irc-channel.c b/src/ngircd/irc-channel.c
index 03204d653af7072258b7844c29978f8087b902b6..fcc6e4aadde4e067d183864f30e5a8eb133ff54a 100644 (file)
--- a/src/ngircd/irc-channel.c
+++ b/src/ngircd/irc-channel.c
@@ -14,7 +14,7 @@
 
 #include "portab.h"
 
 
 #include "portab.h"
 
-static char UNUSED id[] = "$Id: irc-channel.c,v 1.40 2007/07/31 18:56:14 alex Exp $";
+static char UNUSED id[] = "$Id: irc-channel.c,v 1.41 2008/01/07 11:42:00 fw Exp $";
 
 #include "imp.h"
 #include <assert.h>
 
 #include "imp.h"
 #include <assert.h>
@@ -269,8 +269,9 @@ IRC_PART( CLIENT *Client, REQUEST *Req )
        assert( Client != NULL );
        assert( Req != NULL );
 
        assert( Client != NULL );
        assert( Req != NULL );
 
-       /* Falsche Anzahl Parameter? */
-       if(( Req->argc > 2 )) return IRC_WriteStrClient( Client, ERR_NEEDMOREPARAMS_MSG, Client_ID( Client ), Req->command );
+       if (Req->argc < 1 || Req->argc > 2)
+               return IRC_WriteStrClient(Client, ERR_NEEDMOREPARAMS_MSG,
+                                       Client_ID(Client), Req->command);
 
        /* Wer ist der Absender? */
        if( Client_Type( Client ) == CLIENT_SERVER ) target = Client_Search( Req->prefix );
 
        /* Wer ist der Absender? */
        if( Client_Type( Client ) == CLIENT_SERVER ) target = Client_Search( Req->prefix );
@@ -278,18 +279,11 @@ IRC_PART( CLIENT *Client, REQUEST *Req )
        if( ! target ) return IRC_WriteStrClient( Client, ERR_NOSUCHNICK_MSG, Client_ID( Client ), Req->prefix );
 
        /* Channel-Namen durchgehen */
        if( ! target ) return IRC_WriteStrClient( Client, ERR_NOSUCHNICK_MSG, Client_ID( Client ), Req->prefix );
 
        /* Channel-Namen durchgehen */
-       chan = strtok( Req->argv[0], "," );
-       while( chan )
-       {
-               if( ! Channel_Part( target, Client, chan, Req->argc > 1 ? Req->argv[1] : Client_ID( target )))
-               {
-                       /* naechsten Namen ermitteln */
-                       chan = strtok( NULL, "," );
-                       continue;
-               }
+       chan = strtok(Req->argv[0], ",");
+       while (chan) {
+               Channel_Part(target, Client, chan, Req->argc > 1 ? Req->argv[1] : Client_ID(target));
 
 
-               /* naechsten Namen ermitteln */
-               chan = strtok( NULL, "," );
+               chan = strtok(NULL, ",");
        }
        return CONNECTED;
 } /* IRC_PART */
        }
        return CONNECTED;
 } /* IRC_PART */
Alex' ngIRCd development repository