From: Alexander Barton Date: Thu, 26 Dec 2002 16:48:14 +0000 (+0000) Subject: - replaced a lot of strcat() calls with strlcat() which is more secure. X-Git-Tag: rel-0-7-0-pre1~151 X-Git-Url: https://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd-alex.git;a=commitdiff_plain;h=6626395c88fc46eeb110942b17eb9245a1d0021b - replaced a lot of strcat() calls with strlcat() which is more secure. --- diff --git a/src/ngircd/channel.c b/src/ngircd/channel.c index c5039894..971fe2f9 100644 --- a/src/ngircd/channel.c +++ b/src/ngircd/channel.c @@ -17,7 +17,7 @@ #include "portab.h" -static char UNUSED id[] = "$Id: channel.c,v 1.40 2002/12/26 16:25:43 alex Exp $"; +static char UNUSED id[] = "$Id: channel.c,v 1.41 2002/12/26 16:48:14 alex Exp $"; #include "imp.h" #include @@ -494,7 +494,7 @@ Channel_ModeAdd( CHANNEL *Chan, CHAR Mode ) if( ! strchr( Chan->modes, x[0] )) { /* Client hat den Mode noch nicht -> setzen */ - strcat( Chan->modes, x ); + strlcat( Chan->modes, x, sizeof( Chan->modes )); return TRUE; } else return FALSE; @@ -547,7 +547,7 @@ Channel_UserModeAdd( CHANNEL *Chan, CLIENT *Client, CHAR Mode ) if( ! strchr( cl2chan->modes, x[0] )) { /* Client hat den Mode noch nicht -> setzen */ - strcat( cl2chan->modes, x ); + strlcat( cl2chan->modes, x, sizeof( cl2chan->modes )); return TRUE; } else return FALSE; diff --git a/src/ngircd/client.c b/src/ngircd/client.c index 6ca7f687..70f6be6c 100644 --- a/src/ngircd/client.c +++ b/src/ngircd/client.c @@ -17,7 +17,7 @@ #include "portab.h" -static char UNUSED id[] = "$Id: client.c,v 1.68 2002/12/26 16:25:43 alex Exp $"; +static char UNUSED id[] = "$Id: client.c,v 1.69 2002/12/26 16:48:14 alex Exp $"; #include "imp.h" #include @@ -465,7 +465,7 @@ Client_ModeAdd( CLIENT *Client, CHAR Mode ) if( ! strchr( Client->modes, x[0] )) { /* Client hat den Mode noch nicht -> setzen */ - strcat( Client->modes, x ); + strlcat( Client->modes, x, sizeof( Client->modes )); return TRUE; } else return FALSE; diff --git a/src/ngircd/conf.c b/src/ngircd/conf.c index 7ad9ddd7..c2478b8e 100644 --- a/src/ngircd/conf.c +++ b/src/ngircd/conf.c @@ -14,7 +14,7 @@ #include "portab.h" -static char UNUSED id[] = "$Id: conf.c,v 1.49 2002/12/26 16:25:43 alex Exp $"; +static char UNUSED id[] = "$Id: conf.c,v 1.50 2002/12/26 16:48:14 alex Exp $"; #include "imp.h" #include @@ -178,8 +178,8 @@ Set_Defaults( VOID ) strcpy( Conf_ServerAdmin2, "" ); strcpy( Conf_ServerAdminMail, "" ); - strcpy( Conf_MotdFile, SYSCONFDIR ); - strcat( Conf_MotdFile, MOTD_FILE ); + strlcpy( Conf_MotdFile, SYSCONFDIR, sizeof( Conf_MotdFile )); + strlcat( Conf_MotdFile, MOTD_FILE, sizeof( Conf_MotdFile )); Conf_ListenPorts_Count = 0; diff --git a/src/ngircd/conn.c b/src/ngircd/conn.c index 8e35e662..43625fe0 100644 --- a/src/ngircd/conn.c +++ b/src/ngircd/conn.c @@ -14,7 +14,7 @@ #include "portab.h" -static char UNUSED id[] = "$Id: conn.c,v 1.107 2002/12/19 04:35:26 alex Exp $"; +static char UNUSED id[] = "$Id: conn.c,v 1.108 2002/12/26 16:48:14 alex Exp $"; #include "imp.h" #include @@ -495,7 +495,7 @@ va_dcl if( NGIRCd_Sniffer ) Log( LOG_DEBUG, " -> connection %d: '%s'.", Idx, buffer ); #endif - strcat( buffer, "\r\n" ); + strlcat( buffer, "\r\n", sizeof( buffer )); ok = Conn_Write( Idx, buffer, strlen( buffer )); My_Connections[Idx].msg_out++; diff --git a/src/ngircd/irc-info.c b/src/ngircd/irc-info.c index efffad8d..9a4efb67 100644 --- a/src/ngircd/irc-info.c +++ b/src/ngircd/irc-info.c @@ -14,7 +14,7 @@ #include "portab.h" -static char UNUSED id[] = "$Id: irc-info.c,v 1.9 2002/12/22 23:30:33 alex Exp $"; +static char UNUSED id[] = "$Id: irc-info.c,v 1.10 2002/12/26 16:48:14 alex Exp $"; #include "imp.h" #include @@ -104,8 +104,8 @@ IRC_ISON( CLIENT *Client, REQUEST *Req ) if( c && ( Client_Type( c ) == CLIENT_USER )) { /* Dieser Nick ist "online" */ - strcat( rpl, ptr ); - strcat( rpl, " " ); + strlcat( rpl, ptr, sizeof( rpl )); + strlcat( rpl, " ", sizeof( rpl )); } ptr = strtok( NULL, " " ); } @@ -302,8 +302,8 @@ IRC_NAMES( CLIENT *Client, REQUEST *Req ) if(( Client_Type( c ) == CLIENT_USER ) && ( Channel_FirstChannelOf( c ) == NULL ) && ( ! strchr( Client_Modes( c ), 'i' ))) { /* Okay, das ist ein User: anhaengen */ - if( rpl[strlen( rpl ) - 1] != ':' ) strcat( rpl, " " ); - strcat( rpl, Client_ID( c )); + if( rpl[strlen( rpl ) - 1] != ':' ) strlcat( rpl, " ", sizeof( rpl )); + strlcat( rpl, Client_ID( c ), sizeof( rpl )); if( strlen( rpl ) > ( LINE_LEN - CLIENT_NICK_LEN - 4 )) { @@ -464,15 +464,15 @@ IRC_USERHOST( CLIENT *Client, REQUEST *Req ) if( c && ( Client_Type( c ) == CLIENT_USER )) { /* Dieser Nick ist "online" */ - strcat( rpl, Client_ID( c )); - if( Client_HasMode( c, 'o' )) strcat( rpl, "*" ); - strcat( rpl, "=" ); - if( Client_HasMode( c, 'a' )) strcat( rpl, "-" ); - else strcat( rpl, "+" ); - strcat( rpl, Client_User( c )); - strcat( rpl, "@" ); - strcat( rpl, Client_Hostname( c )); - strcat( rpl, " " ); + strlcat( rpl, Client_ID( c ), sizeof( rpl )); + if( Client_HasMode( c, 'o' )) strlcat( rpl, "*", sizeof( rpl )); + strlcat( rpl, "=", sizeof( rpl )); + if( Client_HasMode( c, 'a' )) strlcat( rpl, "-", sizeof( rpl )); + else strlcat( rpl, "+", sizeof( rpl )); + strlcat( rpl, Client_User( c ), sizeof( rpl )); + strlcat( rpl, "@", sizeof( rpl )); + strlcat( rpl, Client_Hostname( c ), sizeof( rpl )); + strlcat( rpl, " ", sizeof( rpl )); } } if( rpl[strlen( rpl ) - 1] == ' ' ) rpl[strlen( rpl ) - 1] = '\0'; @@ -572,7 +572,7 @@ IRC_WHO( CLIENT *Client, REQUEST *Req ) { /* Flags zusammenbasteln */ strcpy( flags, "H" ); - if( strchr( Client_Modes( c ), 'o' )) strcat( flags, "*" ); + if( strchr( Client_Modes( c ), 'o' )) strlcat( flags, "*", sizeof( flags )); /* ausgeben */ cl2chan = Channel_FirstChannelOf( c ); @@ -644,10 +644,10 @@ IRC_WHOIS( CLIENT *Client, REQUEST *Req ) assert( chan != NULL ); /* Channel-Name anhaengen */ - if( str[strlen( str ) - 1] != ':' ) strcat( str, " " ); - if( strchr( Channel_UserModes( chan, c ), 'o' )) strcat( str, "@" ); - else if( strchr( Channel_UserModes( chan, c ), 'v' )) strcat( str, "+" ); - strcat( str, Channel_Name( chan )); + if( str[strlen( str ) - 1] != ':' ) strlcat( str, " ", sizeof( str )); + if( strchr( Channel_UserModes( chan, c ), 'o' )) strlcat( str, "@", sizeof( str )); + else if( strchr( Channel_UserModes( chan, c ), 'v' )) strlcat( str, "+", sizeof( str )); + strlcat( str, Channel_Name( chan ), sizeof( str )); if( strlen( str ) > ( LINE_LEN - CHANNEL_NAME_LEN - 4 )) { @@ -806,10 +806,10 @@ IRC_Send_NAMES( CLIENT *Client, CHANNEL *Chan ) if( is_member || is_visible ) { /* Nick anhaengen */ - if( str[strlen( str ) - 1] != ':' ) strcat( str, " " ); - if( strchr( Channel_UserModes( Chan, cl ), 'o' )) strcat( str, "@" ); - else if( strchr( Channel_UserModes( Chan, cl ), 'v' )) strcat( str, "+" ); - strcat( str, Client_ID( cl )); + if( str[strlen( str ) - 1] != ':' ) strlcat( str, " ", sizeof( str )); + if( strchr( Channel_UserModes( Chan, cl ), 'o' )) strlcat( str, "@", sizeof( str )); + else if( strchr( Channel_UserModes( Chan, cl ), 'v' )) strlcat( str, "+", sizeof( str )); + strlcat( str, Client_ID( cl ), sizeof( str )); if( strlen( str ) > ( LINE_LEN - CLIENT_NICK_LEN - 4 )) { @@ -859,9 +859,9 @@ IRC_Send_WHO( CLIENT *Client, CHANNEL *Chan, BOOLEAN OnlyOps ) { /* Flags zusammenbasteln */ strcpy( flags, "H" ); - if( strchr( Client_Modes( c ), 'o' )) strcat( flags, "*" ); - if( strchr( Channel_UserModes( Chan, c ), 'o' )) strcat( flags, "@" ); - else if( strchr( Channel_UserModes( Chan, c ), 'v' )) strcat( flags, "+" ); + if( strchr( Client_Modes( c ), 'o' )) strlcat( flags, "*", sizeof( flags )); + if( strchr( Channel_UserModes( Chan, c ), 'o' )) strlcat( flags, "@", sizeof( flags )); + else if( strchr( Channel_UserModes( Chan, c ), 'v' )) strlcat( flags, "+", sizeof( flags )); /* ausgeben */ if(( ! OnlyOps ) || ( strchr( Client_Modes( c ), 'o' ))) diff --git a/src/ngircd/irc-mode.c b/src/ngircd/irc-mode.c index 05664949..c5eeadfb 100644 --- a/src/ngircd/irc-mode.c +++ b/src/ngircd/irc-mode.c @@ -14,7 +14,7 @@ #include "portab.h" -static char UNUSED id[] = "$Id: irc-mode.c,v 1.24 2002/12/18 14:16:21 alex Exp $"; +static char UNUSED id[] = "$Id: irc-mode.c,v 1.25 2002/12/26 16:48:14 alex Exp $"; #include "imp.h" #include @@ -142,7 +142,8 @@ Client_Mode( CLIENT *Client, REQUEST *Req, CLIENT *Origin, CLIENT *Target ) else { /* Append modifier character to result string */ - x[0] = *mode_ptr; strcat( the_modes, x ); + x[0] = *mode_ptr; + strlcat( the_modes, x, sizeof( the_modes )); } if( *mode_ptr == '+' ) set = TRUE; else set = FALSE; @@ -195,13 +196,13 @@ Client_Mode( CLIENT *Client, REQUEST *Req, CLIENT *Origin, CLIENT *Target ) if( set ) { /* Set mode */ - if( Client_ModeAdd( Target, x[0] )) strcat( the_modes, x ); + if( Client_ModeAdd( Target, x[0] )) strlcat( the_modes, x, sizeof( the_modes )); } else { /* Unset mode */ - if( Client_ModeDel( Target, x[0] )) strcat( the_modes, x ); + if( Client_ModeDel( Target, x[0] )) strlcat( the_modes, x, sizeof( the_modes )); } } client_exit: @@ -305,7 +306,8 @@ Channel_Mode( CLIENT *Client, REQUEST *Req, CLIENT *Origin, CHANNEL *Channel ) else { /* Append modifier character to result string */ - x[0] = *mode_ptr; strcat( the_modes, x ); + x[0] = *mode_ptr; + strlcat( the_modes, x, sizeof( the_modes )); } if( *mode_ptr == '+' ) set = TRUE; else set = FALSE; @@ -480,8 +482,9 @@ Channel_Mode( CLIENT *Client, REQUEST *Req, CLIENT *Origin, CHANNEL *Channel ) /* Channel-User-Mode */ if( Channel_UserModeAdd( Channel, client, x[0] )) { - strcat( the_args, Client_ID( client )); - strcat( the_args, " " ); strcat( the_modes, x ); + strlcat( the_args, Client_ID( client ), sizeof( the_args )); + strlcat( the_args, " ", sizeof( the_args )); + strlcat( the_modes, x, sizeof( the_modes )); Log( LOG_DEBUG, "User \"%s\": Mode change on %s, now \"%s\"", Client_Mask( client ), Channel_Name( Channel ), Channel_UserModes( Channel, client )); } } @@ -490,7 +493,7 @@ Channel_Mode( CLIENT *Client, REQUEST *Req, CLIENT *Origin, CHANNEL *Channel ) /* Channel-Mode */ if( Channel_ModeAdd( Channel, x[0] )) { - strcat( the_modes, x ); + strlcat( the_modes, x, sizeof( the_modes )); Log( LOG_DEBUG, "Channel %s: Mode change, now \"%s\".", Channel_Name( Channel ), Channel_Modes( Channel )); } } @@ -503,8 +506,9 @@ Channel_Mode( CLIENT *Client, REQUEST *Req, CLIENT *Origin, CHANNEL *Channel ) /* Channel-User-Mode */ if( Channel_UserModeDel( Channel, client, x[0] )) { - strcat( the_args, Client_ID( client )); - strcat( the_args, " " ); strcat( the_modes, x ); + strlcat( the_args, Client_ID( client ), sizeof( the_args )); + strlcat( the_args, " ", sizeof( the_args )); + strlcat( the_modes, x, sizeof( the_modes )); Log( LOG_DEBUG, "User \"%s\": Mode change on %s, now \"%s\"", Client_Mask( client ), Channel_Name( Channel ), Channel_UserModes( Channel, client )); } } @@ -513,7 +517,7 @@ Channel_Mode( CLIENT *Client, REQUEST *Req, CLIENT *Origin, CHANNEL *Channel ) /* Channel-Mode */ if( Channel_ModeDel( Channel, x[0] )) { - strcat( the_modes, x ); + strlcat( the_modes, x, sizeof( the_modes )); Log( LOG_DEBUG, "Channel %s: Mode change, now \"%s\".", Channel_Name( Channel ), Channel_Modes( Channel )); } } @@ -522,8 +526,8 @@ Channel_Mode( CLIENT *Client, REQUEST *Req, CLIENT *Origin, CHANNEL *Channel ) /* Are there additional arguments to add? */ if( argadd[0] ) { - if( the_args[strlen( the_args ) - 1] != ' ' ) strcat( the_args, " " ); - strcat( the_args, argadd ); + if( the_args[strlen( the_args ) - 1] != ' ' ) strlcat( the_args, " ", sizeof( the_args )); + strlcat( the_args, argadd, sizeof( the_args )); } } chan_exit: diff --git a/src/ngircd/irc-server.c b/src/ngircd/irc-server.c index 0be66783..6a6f4712 100644 --- a/src/ngircd/irc-server.c +++ b/src/ngircd/irc-server.c @@ -14,7 +14,7 @@ #include "portab.h" -static char UNUSED id[] = "$Id: irc-server.c,v 1.25 2002/12/26 16:25:43 alex Exp $"; +static char UNUSED id[] = "$Id: irc-server.c,v 1.26 2002/12/26 16:48:14 alex Exp $"; #include "imp.h" #include @@ -195,10 +195,10 @@ IRC_SERVER( CLIENT *Client, REQUEST *Req ) assert( cl != NULL ); /* Nick, ggf. mit Modes, anhaengen */ - if( str[strlen( str ) - 1] != ':' ) strcat( str, "," ); - if( strchr( Channel_UserModes( chan, cl ), 'v' )) strcat( str, "+" ); - if( strchr( Channel_UserModes( chan, cl ), 'o' )) strcat( str, "@" ); - strcat( str, Client_ID( cl )); + if( str[strlen( str ) - 1] != ':' ) strlcat( str, ",", sizeof( str )); + if( strchr( Channel_UserModes( chan, cl ), 'v' )) strlcat( str, "+", sizeof( str )); + if( strchr( Channel_UserModes( chan, cl ), 'o' )) strlcat( str, "@", sizeof( str )); + strlcat( str, Client_ID( cl ), sizeof( str )); if( strlen( str ) > ( LINE_LEN - CLIENT_NICK_LEN - 8 )) { diff --git a/src/ngircd/ngircd.c b/src/ngircd/ngircd.c index 92f1a3e2..cef1cff5 100644 --- a/src/ngircd/ngircd.c +++ b/src/ngircd/ngircd.c @@ -14,7 +14,7 @@ #include "portab.h" -static char UNUSED id[] = "$Id: ngircd.c,v 1.67 2002/12/26 16:25:43 alex Exp $"; +static char UNUSED id[] = "$Id: ngircd.c,v 1.68 2002/12/26 16:48:14 alex Exp $"; #include "imp.h" #include @@ -73,8 +73,8 @@ main( int argc, const char *argv[] ) #ifdef SNIFFER NGIRCd_Sniffer = FALSE; #endif - strcpy( NGIRCd_ConfFile, SYSCONFDIR ); - strcat( NGIRCd_ConfFile, CONFIG_FILE ); + strlcpy( NGIRCd_ConfFile, SYSCONFDIR, sizeof( NGIRCd_ConfFile )); + strlcat( NGIRCd_ConfFile, CONFIG_FILE, sizeof( NGIRCd_ConfFile )); /* Kommandozeile parsen */ for( i = 1; i < argc; i++ ) @@ -376,12 +376,12 @@ NGIRCd_VersionAddition( VOID ) strcat( txt, "IRCPLUS" ); #endif - if( txt[0] ) strcat( txt, "-" ); - strcat( txt, TARGET_CPU ); - strcat( txt, "/" ); - strcat( txt, TARGET_VENDOR ); - strcat( txt, "/" ); - strcat( txt, TARGET_OS ); + if( txt[0] ) strlcat( txt, "-", sizeof( txt )); + strlcat( txt, TARGET_CPU, sizeof( txt )); + strlcat( txt, "/", sizeof( txt )); + strlcat( txt, TARGET_VENDOR, sizeof( txt )); + strlcat( txt, "/", sizeof( txt )); + strlcat( txt, TARGET_OS, sizeof( txt )); return txt; } /* NGIRCd_VersionAddition */ diff --git a/src/ngircd/ngircd.h b/src/ngircd/ngircd.h index a9fd1514..60fb0ba9 100644 --- a/src/ngircd/ngircd.h +++ b/src/ngircd/ngircd.h @@ -8,7 +8,7 @@ * (at your option) any later version. * Please read the file COPYING, README and AUTHORS for more information. * - * $Id: ngircd.h,v 1.18 2002/12/19 04:30:00 alex Exp $ + * $Id: ngircd.h,v 1.19 2002/12/26 16:48:14 alex Exp $ * * Prototypes of the "main module". */ @@ -45,7 +45,7 @@ GLOBAL CHAR NGIRCd_DebugLevel[2]; /* Debug-Level fuer IRC_VERSION() */ GLOBAL CHAR NGIRCd_ConfFile[FNAME_LEN]; /* Konfigurationsdatei */ -GLOBAL CHAR NGIRCd_ProtoID[1024]; /* Protokoll- und Server-Identifikation */ +GLOBAL CHAR NGIRCd_ProtoID[COMMAND_LEN];/* Protokoll- und Server-Identifikation */ GLOBAL CHAR *NGIRCd_Version PARAMS((VOID )); diff --git a/src/ngircd/parse.c b/src/ngircd/parse.c index ac24dbf9..3be66a9e 100644 --- a/src/ngircd/parse.c +++ b/src/ngircd/parse.c @@ -14,7 +14,7 @@ #include "portab.h" -static char UNUSED id[] = "$Id: parse.c,v 1.52 2002/12/18 13:53:20 alex Exp $"; +static char UNUSED id[] = "$Id: parse.c,v 1.53 2002/12/26 16:48:14 alex Exp $"; #include "imp.h" #include @@ -363,9 +363,9 @@ Handle_Request( CONN_ID Idx, REQUEST *Req ) strcpy( str, Req->command ); for( i = 0; i < Req->argc; i++ ) { - if( i < Req->argc - 1 ) strcat( str, " " ); - else strcat( str, " :" ); - strcat( str, Req->argv[i] ); + if( i < Req->argc - 1 ) strlcat( str, " ", sizeof( str )); + else strlcat( str, " :", sizeof( str )); + strlcat( str, Req->argv[i], sizeof( str )); } return IRC_WriteStrClientPrefix( target, prefix, "%s", str ); }