- replaced a lot of strcat() calls with strlcat() which is more secure.
authorAlexander Barton <alex@barton.de>
Thu, 26 Dec 2002 16:48:14 +0000 (16:48 +0000)
committerAlexander Barton <alex@barton.de>
Thu, 26 Dec 2002 16:48:14 +0000 (16:48 +0000)
src/ngircd/channel.c
src/ngircd/client.c
src/ngircd/conf.c
src/ngircd/conn.c
src/ngircd/irc-info.c
src/ngircd/irc-mode.c
src/ngircd/irc-server.c
src/ngircd/ngircd.c
src/ngircd/ngircd.h
src/ngircd/parse.c

index c50398940a3c2c827267cc4abf8c42dc2d000631..971fe2f9c4cd28830c4bcdde0015865fff8907c1 100644 (file)
@@ -17,7 +17,7 @@
 
 #include "portab.h"
 
-static char UNUSED id[] = "$Id: channel.c,v 1.40 2002/12/26 16:25:43 alex Exp $";
+static char UNUSED id[] = "$Id: channel.c,v 1.41 2002/12/26 16:48:14 alex Exp $";
 
 #include "imp.h"
 #include <assert.h>
@@ -494,7 +494,7 @@ Channel_ModeAdd( CHANNEL *Chan, CHAR Mode )
        if( ! strchr( Chan->modes, x[0] ))
        {
                /* Client hat den Mode noch nicht -> setzen */
-               strcat( Chan->modes, x );
+               strlcat( Chan->modes, x, sizeof( Chan->modes ));
                return TRUE;
        }
        else return FALSE;
@@ -547,7 +547,7 @@ Channel_UserModeAdd( CHANNEL *Chan, CLIENT *Client, CHAR Mode )
        if( ! strchr( cl2chan->modes, x[0] ))
        {
                /* Client hat den Mode noch nicht -> setzen */
-               strcat( cl2chan->modes, x );
+               strlcat( cl2chan->modes, x, sizeof( cl2chan->modes ));
                return TRUE;
        }
        else return FALSE;
index 6ca7f68706b072381f5fb87099ad10856d3654b1..70f6be6c704dc94fb73daf855226f4b5b1bd90d6 100644 (file)
@@ -17,7 +17,7 @@
 
 #include "portab.h"
 
-static char UNUSED id[] = "$Id: client.c,v 1.68 2002/12/26 16:25:43 alex Exp $";
+static char UNUSED id[] = "$Id: client.c,v 1.69 2002/12/26 16:48:14 alex Exp $";
 
 #include "imp.h"
 #include <assert.h>
@@ -465,7 +465,7 @@ Client_ModeAdd( CLIENT *Client, CHAR Mode )
        if( ! strchr( Client->modes, x[0] ))
        {
                /* Client hat den Mode noch nicht -> setzen */
-               strcat( Client->modes, x );
+               strlcat( Client->modes, x, sizeof( Client->modes ));
                return TRUE;
        }
        else return FALSE;
index 7ad9ddd7c54d52c5eaf390a3f780703c1032cb95..c2478b8eb0c99d36689a1ad5e2573863d2485f5f 100644 (file)
@@ -14,7 +14,7 @@
 
 #include "portab.h"
 
-static char UNUSED id[] = "$Id: conf.c,v 1.49 2002/12/26 16:25:43 alex Exp $";
+static char UNUSED id[] = "$Id: conf.c,v 1.50 2002/12/26 16:48:14 alex Exp $";
 
 #include "imp.h"
 #include <assert.h>
@@ -178,8 +178,8 @@ Set_Defaults( VOID )
        strcpy( Conf_ServerAdmin2, "" );
        strcpy( Conf_ServerAdminMail, "" );
 
-       strcpy( Conf_MotdFile, SYSCONFDIR );
-       strcat( Conf_MotdFile, MOTD_FILE );
+       strlcpy( Conf_MotdFile, SYSCONFDIR, sizeof( Conf_MotdFile ));
+       strlcat( Conf_MotdFile, MOTD_FILE, sizeof( Conf_MotdFile ));
 
        Conf_ListenPorts_Count = 0;
 
index 8e35e662cbc5697ba48cfe71240b688262e6b30d..43625fe0d22c85ccb76f8226fdcc2cf7cad9629e 100644 (file)
@@ -14,7 +14,7 @@
 
 #include "portab.h"
 
-static char UNUSED id[] = "$Id: conn.c,v 1.107 2002/12/19 04:35:26 alex Exp $";
+static char UNUSED id[] = "$Id: conn.c,v 1.108 2002/12/26 16:48:14 alex Exp $";
 
 #include "imp.h"
 #include <assert.h>
@@ -495,7 +495,7 @@ va_dcl
        if( NGIRCd_Sniffer ) Log( LOG_DEBUG, " -> connection %d: '%s'.", Idx, buffer );
 #endif
 
-       strcat( buffer, "\r\n" );
+       strlcat( buffer, "\r\n", sizeof( buffer ));
        ok = Conn_Write( Idx, buffer, strlen( buffer ));
        My_Connections[Idx].msg_out++;
 
index efffad8dc9f0014c37bfc28368f341011dc7e323..9a4efb679aa30e26ecc14bfe6d04fd953e2a8d88 100644 (file)
@@ -14,7 +14,7 @@
 
 #include "portab.h"
 
-static char UNUSED id[] = "$Id: irc-info.c,v 1.9 2002/12/22 23:30:33 alex Exp $";
+static char UNUSED id[] = "$Id: irc-info.c,v 1.10 2002/12/26 16:48:14 alex Exp $";
 
 #include "imp.h"
 #include <assert.h>
@@ -104,8 +104,8 @@ IRC_ISON( CLIENT *Client, REQUEST *Req )
                        if( c && ( Client_Type( c ) == CLIENT_USER ))
                        {
                                /* Dieser Nick ist "online" */
-                               strcat( rpl, ptr );
-                               strcat( rpl, " " );
+                               strlcat( rpl, ptr, sizeof( rpl ));
+                               strlcat( rpl, " ", sizeof( rpl ));
                        }
                        ptr = strtok( NULL, " " );
                }
@@ -302,8 +302,8 @@ IRC_NAMES( CLIENT *Client, REQUEST *Req )
                if(( Client_Type( c ) == CLIENT_USER ) && ( Channel_FirstChannelOf( c ) == NULL ) && ( ! strchr( Client_Modes( c ), 'i' )))
                {
                        /* Okay, das ist ein User: anhaengen */
-                       if( rpl[strlen( rpl ) - 1] != ':' ) strcat( rpl, " " );
-                       strcat( rpl, Client_ID( c ));
+                       if( rpl[strlen( rpl ) - 1] != ':' ) strlcat( rpl, " ", sizeof( rpl ));
+                       strlcat( rpl, Client_ID( c ), sizeof( rpl ));
 
                        if( strlen( rpl ) > ( LINE_LEN - CLIENT_NICK_LEN - 4 ))
                        {
@@ -464,15 +464,15 @@ IRC_USERHOST( CLIENT *Client, REQUEST *Req )
                if( c && ( Client_Type( c ) == CLIENT_USER ))
                {
                        /* Dieser Nick ist "online" */
-                       strcat( rpl, Client_ID( c ));
-                       if( Client_HasMode( c, 'o' )) strcat( rpl, "*" );
-                       strcat( rpl, "=" );
-                       if( Client_HasMode( c, 'a' )) strcat( rpl, "-" );
-                       else strcat( rpl, "+" );
-                       strcat( rpl, Client_User( c ));
-                       strcat( rpl, "@" );
-                       strcat( rpl, Client_Hostname( c ));
-                       strcat( rpl, " " );
+                       strlcat( rpl, Client_ID( c ), sizeof( rpl ));
+                       if( Client_HasMode( c, 'o' )) strlcat( rpl, "*", sizeof( rpl ));
+                       strlcat( rpl, "=", sizeof( rpl ));
+                       if( Client_HasMode( c, 'a' )) strlcat( rpl, "-", sizeof( rpl ));
+                       else strlcat( rpl, "+", sizeof( rpl ));
+                       strlcat( rpl, Client_User( c ), sizeof( rpl ));
+                       strlcat( rpl, "@", sizeof( rpl ));
+                       strlcat( rpl, Client_Hostname( c ), sizeof( rpl ));
+                       strlcat( rpl, " ", sizeof( rpl ));
                }
        }
        if( rpl[strlen( rpl ) - 1] == ' ' ) rpl[strlen( rpl ) - 1] = '\0';
@@ -572,7 +572,7 @@ IRC_WHO( CLIENT *Client, REQUEST *Req )
                        {
                                /* Flags zusammenbasteln */
                                strcpy( flags, "H" );
-                               if( strchr( Client_Modes( c ), 'o' )) strcat( flags, "*" );
+                               if( strchr( Client_Modes( c ), 'o' )) strlcat( flags, "*", sizeof( flags ));
 
                                /* ausgeben */
                                cl2chan = Channel_FirstChannelOf( c );
@@ -644,10 +644,10 @@ IRC_WHOIS( CLIENT *Client, REQUEST *Req )
                assert( chan != NULL );
 
                /* Channel-Name anhaengen */
-               if( str[strlen( str ) - 1] != ':' ) strcat( str, " " );
-               if( strchr( Channel_UserModes( chan, c ), 'o' )) strcat( str, "@" );
-               else if( strchr( Channel_UserModes( chan, c ), 'v' )) strcat( str, "+" );
-               strcat( str, Channel_Name( chan ));
+               if( str[strlen( str ) - 1] != ':' ) strlcat( str, " ", sizeof( str ));
+               if( strchr( Channel_UserModes( chan, c ), 'o' )) strlcat( str, "@", sizeof( str ));
+               else if( strchr( Channel_UserModes( chan, c ), 'v' )) strlcat( str, "+", sizeof( str ));
+               strlcat( str, Channel_Name( chan ), sizeof( str ));
 
                if( strlen( str ) > ( LINE_LEN - CHANNEL_NAME_LEN - 4 ))
                {
@@ -806,10 +806,10 @@ IRC_Send_NAMES( CLIENT *Client, CHANNEL *Chan )
                if( is_member || is_visible )
                {
                        /* Nick anhaengen */
-                       if( str[strlen( str ) - 1] != ':' ) strcat( str, " " );
-                       if( strchr( Channel_UserModes( Chan, cl ), 'o' )) strcat( str, "@" );
-                       else if( strchr( Channel_UserModes( Chan, cl ), 'v' )) strcat( str, "+" );
-                       strcat( str, Client_ID( cl ));
+                       if( str[strlen( str ) - 1] != ':' ) strlcat( str, " ", sizeof( str ));
+                       if( strchr( Channel_UserModes( Chan, cl ), 'o' )) strlcat( str, "@", sizeof( str ));
+                       else if( strchr( Channel_UserModes( Chan, cl ), 'v' )) strlcat( str, "+", sizeof( str ));
+                       strlcat( str, Client_ID( cl ), sizeof( str ));
 
                        if( strlen( str ) > ( LINE_LEN - CLIENT_NICK_LEN - 4 ))
                        {
@@ -859,9 +859,9 @@ IRC_Send_WHO( CLIENT *Client, CHANNEL *Chan, BOOLEAN OnlyOps )
                {
                        /* Flags zusammenbasteln */
                        strcpy( flags, "H" );
-                       if( strchr( Client_Modes( c ), 'o' )) strcat( flags, "*" );
-                       if( strchr( Channel_UserModes( Chan, c ), 'o' )) strcat( flags, "@" );
-                       else if( strchr( Channel_UserModes( Chan, c ), 'v' )) strcat( flags, "+" );
+                       if( strchr( Client_Modes( c ), 'o' )) strlcat( flags, "*", sizeof( flags ));
+                       if( strchr( Channel_UserModes( Chan, c ), 'o' )) strlcat( flags, "@", sizeof( flags ));
+                       else if( strchr( Channel_UserModes( Chan, c ), 'v' )) strlcat( flags, "+", sizeof( flags ));
 
                        /* ausgeben */
                        if(( ! OnlyOps ) || ( strchr( Client_Modes( c ), 'o' )))
index 05664949a6a968283b1df72b18cbda7796cf42f2..c5eeadfb5e87938e29fbb2a6c268529f918c5af1 100644 (file)
@@ -14,7 +14,7 @@
 
 #include "portab.h"
 
-static char UNUSED id[] = "$Id: irc-mode.c,v 1.24 2002/12/18 14:16:21 alex Exp $";
+static char UNUSED id[] = "$Id: irc-mode.c,v 1.25 2002/12/26 16:48:14 alex Exp $";
 
 #include "imp.h"
 #include <assert.h>
@@ -142,7 +142,8 @@ Client_Mode( CLIENT *Client, REQUEST *Req, CLIENT *Origin, CLIENT *Target )
                                        else
                                        {
                                                /* Append modifier character to result string */
-                                               x[0] = *mode_ptr; strcat( the_modes, x );
+                                               x[0] = *mode_ptr;
+                                               strlcat( the_modes, x, sizeof( the_modes ));
                                        }
                                        if( *mode_ptr == '+' ) set = TRUE;
                                        else set = FALSE;
@@ -195,13 +196,13 @@ Client_Mode( CLIENT *Client, REQUEST *Req, CLIENT *Origin, CLIENT *Target )
                if( set )
                {
                        /* Set mode */
-                       if( Client_ModeAdd( Target, x[0] )) strcat( the_modes, x );
+                       if( Client_ModeAdd( Target, x[0] )) strlcat( the_modes, x, sizeof( the_modes ));
 
                }
                else
                {
                        /* Unset mode */
-                       if( Client_ModeDel( Target, x[0] )) strcat( the_modes, x );
+                       if( Client_ModeDel( Target, x[0] )) strlcat( the_modes, x, sizeof( the_modes ));
                }               
        }
 client_exit:
@@ -305,7 +306,8 @@ Channel_Mode( CLIENT *Client, REQUEST *Req, CLIENT *Origin, CHANNEL *Channel )
                                        else
                                        {
                                                /* Append modifier character to result string */
-                                               x[0] = *mode_ptr; strcat( the_modes, x );
+                                               x[0] = *mode_ptr;
+                                               strlcat( the_modes, x, sizeof( the_modes ));
                                        }
                                        if( *mode_ptr == '+' ) set = TRUE;
                                        else set = FALSE;
@@ -480,8 +482,9 @@ Channel_Mode( CLIENT *Client, REQUEST *Req, CLIENT *Origin, CHANNEL *Channel )
                                /* Channel-User-Mode */
                                if( Channel_UserModeAdd( Channel, client, x[0] ))
                                {
-                                       strcat( the_args, Client_ID( client ));
-                                       strcat( the_args, " " ); strcat( the_modes, x );
+                                       strlcat( the_args, Client_ID( client ), sizeof( the_args ));
+                                       strlcat( the_args, " ", sizeof( the_args ));
+                                       strlcat( the_modes, x, sizeof( the_modes ));
                                        Log( LOG_DEBUG, "User \"%s\": Mode change on %s, now \"%s\"", Client_Mask( client ), Channel_Name( Channel ), Channel_UserModes( Channel, client ));
                                }
                        }
@@ -490,7 +493,7 @@ Channel_Mode( CLIENT *Client, REQUEST *Req, CLIENT *Origin, CHANNEL *Channel )
                                /* Channel-Mode */
                                if( Channel_ModeAdd( Channel, x[0] ))
                                {
-                                       strcat( the_modes, x );
+                                       strlcat( the_modes, x, sizeof( the_modes ));
                                        Log( LOG_DEBUG, "Channel %s: Mode change, now \"%s\".", Channel_Name( Channel ), Channel_Modes( Channel ));
                                }
                        }
@@ -503,8 +506,9 @@ Channel_Mode( CLIENT *Client, REQUEST *Req, CLIENT *Origin, CHANNEL *Channel )
                                /* Channel-User-Mode */
                                if( Channel_UserModeDel( Channel, client, x[0] ))
                                {
-                                       strcat( the_args, Client_ID( client ));
-                                       strcat( the_args, " " ); strcat( the_modes, x );
+                                       strlcat( the_args, Client_ID( client ), sizeof( the_args ));
+                                       strlcat( the_args, " ", sizeof( the_args ));
+                                       strlcat( the_modes, x, sizeof( the_modes ));
                                        Log( LOG_DEBUG, "User \"%s\": Mode change on %s, now \"%s\"", Client_Mask( client ), Channel_Name( Channel ), Channel_UserModes( Channel, client ));
                                }
                        }
@@ -513,7 +517,7 @@ Channel_Mode( CLIENT *Client, REQUEST *Req, CLIENT *Origin, CHANNEL *Channel )
                                /* Channel-Mode */
                                if( Channel_ModeDel( Channel, x[0] ))
                                {
-                                       strcat( the_modes, x );
+                                       strlcat( the_modes, x, sizeof( the_modes ));
                                        Log( LOG_DEBUG, "Channel %s: Mode change, now \"%s\".", Channel_Name( Channel ), Channel_Modes( Channel ));
                                }
                        }
@@ -522,8 +526,8 @@ Channel_Mode( CLIENT *Client, REQUEST *Req, CLIENT *Origin, CHANNEL *Channel )
                /* Are there additional arguments to add? */
                if( argadd[0] )
                {
-                       if( the_args[strlen( the_args ) - 1] != ' ' ) strcat( the_args, " " );
-                       strcat( the_args, argadd );
+                       if( the_args[strlen( the_args ) - 1] != ' ' ) strlcat( the_args, " ", sizeof( the_args ));
+                       strlcat( the_args, argadd, sizeof( the_args ));
                }
        }
 chan_exit:
index 0be6678362c9ecbd475d2b9bafb5a30597d2153b..6a6f4712febfcfc632a22f27aa111dcf7c289cae 100644 (file)
@@ -14,7 +14,7 @@
 
 #include "portab.h"
 
-static char UNUSED id[] = "$Id: irc-server.c,v 1.25 2002/12/26 16:25:43 alex Exp $";
+static char UNUSED id[] = "$Id: irc-server.c,v 1.26 2002/12/26 16:48:14 alex Exp $";
 
 #include "imp.h"
 #include <assert.h>
@@ -195,10 +195,10 @@ IRC_SERVER( CLIENT *Client, REQUEST *Req )
                                assert( cl != NULL );
 
                                /* Nick, ggf. mit Modes, anhaengen */
-                               if( str[strlen( str ) - 1] != ':' ) strcat( str, "," );
-                               if( strchr( Channel_UserModes( chan, cl ), 'v' )) strcat( str, "+" );
-                               if( strchr( Channel_UserModes( chan, cl ), 'o' )) strcat( str, "@" );
-                               strcat( str, Client_ID( cl ));
+                               if( str[strlen( str ) - 1] != ':' ) strlcat( str, ",", sizeof( str ));
+                               if( strchr( Channel_UserModes( chan, cl ), 'v' )) strlcat( str, "+", sizeof( str ));
+                               if( strchr( Channel_UserModes( chan, cl ), 'o' )) strlcat( str, "@", sizeof( str ));
+                               strlcat( str, Client_ID( cl ), sizeof( str ));
 
                                if( strlen( str ) > ( LINE_LEN - CLIENT_NICK_LEN - 8 ))
                                {
index 92f1a3e2e131019dc960a58292d7f4da6530a2e4..cef1cff58d5b6690b03b3dfdcfdb027aa33134d4 100644 (file)
@@ -14,7 +14,7 @@
 
 #include "portab.h"
 
-static char UNUSED id[] = "$Id: ngircd.c,v 1.67 2002/12/26 16:25:43 alex Exp $";
+static char UNUSED id[] = "$Id: ngircd.c,v 1.68 2002/12/26 16:48:14 alex Exp $";
 
 #include "imp.h"
 #include <assert.h>
@@ -73,8 +73,8 @@ main( int argc, const char *argv[] )
 #ifdef SNIFFER
        NGIRCd_Sniffer = FALSE;
 #endif
-       strcpy( NGIRCd_ConfFile, SYSCONFDIR );
-       strcat( NGIRCd_ConfFile, CONFIG_FILE );
+       strlcpy( NGIRCd_ConfFile, SYSCONFDIR, sizeof( NGIRCd_ConfFile ));
+       strlcat( NGIRCd_ConfFile, CONFIG_FILE, sizeof( NGIRCd_ConfFile ));
 
        /* Kommandozeile parsen */
        for( i = 1; i < argc; i++ )
@@ -376,12 +376,12 @@ NGIRCd_VersionAddition( VOID )
        strcat( txt, "IRCPLUS" );
 #endif
        
-       if( txt[0] ) strcat( txt, "-" );
-       strcat( txt, TARGET_CPU );
-       strcat( txt, "/" );
-       strcat( txt, TARGET_VENDOR );
-       strcat( txt, "/" );
-       strcat( txt, TARGET_OS );
+       if( txt[0] ) strlcat( txt, "-", sizeof( txt ));
+       strlcat( txt, TARGET_CPU, sizeof( txt ));
+       strlcat( txt, "/", sizeof( txt ));
+       strlcat( txt, TARGET_VENDOR, sizeof( txt ));
+       strlcat( txt, "/", sizeof( txt ));
+       strlcat( txt, TARGET_OS, sizeof( txt ));
 
        return txt;
 } /* NGIRCd_VersionAddition */
index a9fd1514fecd511813fd0b7aa54b478c76c44d79..60fb0ba9a1a9554b8b1c6dd2dc9b3eb44388a8b0 100644 (file)
@@ -8,7 +8,7 @@
  * (at your option) any later version.
  * Please read the file COPYING, README and AUTHORS for more information.
  *
- * $Id: ngircd.h,v 1.18 2002/12/19 04:30:00 alex Exp $
+ * $Id: ngircd.h,v 1.19 2002/12/26 16:48:14 alex Exp $
  *
  * Prototypes of the "main module".
  */
@@ -45,7 +45,7 @@ GLOBAL CHAR NGIRCd_DebugLevel[2];     /* Debug-Level fuer IRC_VERSION() */
 
 GLOBAL CHAR NGIRCd_ConfFile[FNAME_LEN];        /* Konfigurationsdatei */
 
-GLOBAL CHAR NGIRCd_ProtoID[1024];      /* Protokoll- und Server-Identifikation */
+GLOBAL CHAR NGIRCd_ProtoID[COMMAND_LEN];/* Protokoll- und Server-Identifikation */
 
 
 GLOBAL CHAR *NGIRCd_Version PARAMS((VOID ));
index ac24dbf985f2c5b5f215e321099ceca158e66d01..3be66a9e8859a9a69cdd541f86ffce626c88b1dc 100644 (file)
@@ -14,7 +14,7 @@
 
 #include "portab.h"
 
-static char UNUSED id[] = "$Id: parse.c,v 1.52 2002/12/18 13:53:20 alex Exp $";
+static char UNUSED id[] = "$Id: parse.c,v 1.53 2002/12/26 16:48:14 alex Exp $";
 
 #include "imp.h"
 #include <assert.h>
@@ -363,9 +363,9 @@ Handle_Request( CONN_ID Idx, REQUEST *Req )
                strcpy( str, Req->command );
                for( i = 0; i < Req->argc; i++ )
                {
-                       if( i < Req->argc - 1 ) strcat( str, " " );
-                       else strcat( str, " :" );
-                       strcat( str, Req->argv[i] );
+                       if( i < Req->argc - 1 ) strlcat( str, " ", sizeof( str ));
+                       else strlcat( str, " :", sizeof( str ));
+                       strlcat( str, Req->argv[i], sizeof( str ));
                }
                return IRC_WriteStrClientPrefix( target, prefix, "%s", str );
        }