If ngircd receives an input line like "COMMAND arg\nIRRELEVANT\r\n",
"arg\nIRRELEVANT" is passed as an argument to COMMAND. This can lead
to output like:
:ngircd.test.server 322 nick #chan 1 :
topicwithprecedingnewline
:ngircd.test.server 322 nick #nxtchan 1 :
[..]
Worse, this allows clients to piggyback IRC commands, e.g.
"TOPIC #a :test\n:fake!~a@nonexistant JOIN :#a\r\n", which
causes the client to receive a JOIN command during /LIST output.
Bug reported by Scott Perry, first patch by Florian Westphal.
/*
* ngIRCd -- The Next Generation IRC Daemon
/*
* ngIRCd -- The Next Generation IRC Daemon
- * Copyright (c)2001,2002 by Alexander Barton (alex@barton.de)
+ * Copyright (c)2001-2008 Alexander Barton (alex@barton.de)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* Please read the file COPYING, README and AUTHORS for more information.
*/
* Please read the file COPYING, README and AUTHORS for more information.
*/
-static char UNUSED id[] = "$Id: parse.c,v 1.72 2008/02/17 13:26:42 alex Exp $";
-
/**
* @file
* IRC command parser and validator.
/**
* @file
* IRC command parser and validator.
-Validate_Args( UNUSED CONN_ID Idx, UNUSED REQUEST *Req, bool *Closed )
+Validate_Args(CONN_ID Idx, REQUEST *Req, bool *Closed)
assert( Idx >= 0 );
assert( Req != NULL );
*Closed = false;
assert( Idx >= 0 );
assert( Req != NULL );
*Closed = false;
+ for (i = 0; i < Req->argc; i++) {
+ if (strchr(Req->argv[i], '\r') || strchr(Req->argv[i], '\n')) {
+ Log(LOG_ERR,
+ "Invalid character(s) in parameter (connection %d, command %s)!?",
+ Idx, Req->command);
+ if (!Conn_WriteStr(Idx,
+ "ERROR :Invalid character(s) in parameter!"))
+ *Closed = true;
+ return false;
+ }
+ }
return true;
} /* Validate_Args */
return true;
} /* Validate_Args */
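Review bot: The new loop in Validate_Args rejects CR/LF only in `Req->argv[i]`, while `Req->command` comes from the same input line, is not checked, and is passed to `Log()` with `%s` in this same branch. If the tokenizer can leave an embedded `\n` in the command or the request prefix (not visible on this page), the same line-splitting problem would remain for those fields and for the log output. Consider applying the same test to them, e.g. `if (strchr(Req->command, '\r') || strchr(Req->command, '\n'))`, or rejecting the raw line once before it is split into tokens. A short comment above the loop would also help, such as `/* Reject embedded CR/LF: such a parameter would reach other clients as a separate IRC line. */`. The declaration of `i` and the start of the function body are outside the lines shown.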