From: Florian Westphal <fw@strlen.de>
Date: Mon, 4 May 2009 21:51:24 +0000 (+0200)
Subject: security: fix remotely triggerable crash in SSL/TLS code
X-Git-Tag: rel-14-1~4
X-Git-Url: https://arthur.barton.de/gitweb/?a=commitdiff_plain;h=627b0b713c52406e50c84bb9459e7794262920a2;p=ngircd.git

security: fix remotely triggerable crash in SSL/TLS code

When a server is running with SSL/TLS support compiled in,
it is trivial to crash the server by sending an MOTD request
via another server in the network.

- ONLY servers without ssl/tls support compiled in are not affected.
  Disabling SSL in the configuration (no ssl listening ports, etc)
  does NOT help.
- servers that are running standalone (i.e., not connected to any
  other servers) are not affected, either.

This affects all ngircd releases since ngircd 13 (earlier versions
have no SSL/TLS support).
---

diff --git a/src/ngircd/conn.c b/src/ngircd/conn.c
index 9752a619..c6095a31 100644
--- a/src/ngircd/conn.c
+++ b/src/ngircd/conn.c
@@ -1951,6 +1951,9 @@ Conn_GetClient( CONN_ID Idx )
 GLOBAL bool
 Conn_GetCipherInfo(CONN_ID Idx, char *buf, size_t len)
 {
+	if (Idx < 0)
+		return false;
+	assert(Idx < (int) array_length(&My_ConnArray, sizeof(CONNECTION)));
 	return ConnSSL_GetCipherInfo(&My_Connections[Idx], buf, len);
 }
 
@@ -1958,6 +1961,9 @@ Conn_GetCipherInfo(CONN_ID Idx, char *buf, size_t len)
 GLOBAL bool
 Conn_UsesSSL(CONN_ID Idx)
 {
+	if (Idx < 0)
+		return false;
+	assert(Idx < (int) array_length(&My_ConnArray, sizeof(CONNECTION)));
 	return Conn_OPTION_ISSET(&My_Connections[Idx], CONN_SSL);
 }
 #endif