From 079e0cf9a4db2462e85fc9fb63764e3cb6ea9674 Mon Sep 17 00:00:00 2001 From: Alexander Barton Date: Tue, 31 Jul 2007 18:54:26 +0000 Subject: [PATCH] SECURITY: Fixed a severe bug in handling JOIN commands, which could cause the server to crash. Thanks to Sebastian Vesper, . --- ChangeLog | 7 ++++++- src/ngircd/irc-channel.c | 6 ++++-- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 3cabfacb..a031bdbf 100644 --- a/ChangeLog +++ b/ChangeLog @@ -10,6 +10,11 @@ -- ChangeLog -- +ngIRCd 0.10.3 (2007-08-01) + + - SECURITY: Fixed a severe bug in handling JOIN commands, which could + cause the server to crash. Thanks to Sebastian Vesper, . + ngIRCd 0.10.2 (2007-06-08) ngIRCd 0.10.2-pre2 (2007-05-19) @@ -689,4 +694,4 @@ ngIRCd 0.0.1, 31.12.2001 -- -$Id: ChangeLog,v 1.302.2.17 2007/06/08 09:05:23 alex Exp $ +$Id: ChangeLog,v 1.302.2.18 2007/07/31 18:54:26 alex Exp $ diff --git a/src/ngircd/irc-channel.c b/src/ngircd/irc-channel.c index 27d0cbe5..e59f32fa 100644 --- a/src/ngircd/irc-channel.c +++ b/src/ngircd/irc-channel.c @@ -14,7 +14,7 @@ #include "portab.h" -static char UNUSED id[] = "$Id: irc-channel.c,v 1.35.2.3 2007/04/03 20:23:31 fw Exp $"; +static char UNUSED id[] = "$Id: irc-channel.c,v 1.35.2.4 2007/07/31 18:54:30 alex Exp $"; #include "imp.h" #include @@ -52,7 +52,9 @@ IRC_JOIN( CLIENT *Client, REQUEST *Req ) assert( Req != NULL ); /* Bad number of arguments? */ - if(( Req->argc > 2 )) return IRC_WriteStrClient( Client, ERR_NEEDMOREPARAMS_MSG, Client_ID( Client ), Req->command ); + if (Req->argc < 1 || Req->argc > 2) + return IRC_WriteStrClient(Client, ERR_NEEDMOREPARAMS_MSG, + Client_ID(Client), Req->command); /* Who is the sender? */ if( Client_Type( Client ) == CLIENT_SERVER ) target = Client_Search( Req->prefix );