From 463c5cb7c5ea272035ea05524001dddbe43156cf Mon Sep 17 00:00:00 2001 From: Florian Westphal Date: Mon, 7 Jan 2008 11:42:00 +0000 Subject: [PATCH] IRC_PART could reference invalid memory. --- ChangeLog | 4 +++- src/ngircd/irc-channel.c | 22 ++++++++-------------- 2 files changed, 11 insertions(+), 15 deletions(-) diff --git a/ChangeLog b/ChangeLog index 28d3ada0..d0d009a3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -12,6 +12,8 @@ ngIRCd HEAD + - SECURITY: IRC_PART could reference invalid memory, causing + ngircd to crash. - Use dotted-decimal IP address if hostname is >= 64. - Add support for /STAT u (server uptime) command. - New [Server] configuration Option "Bind" allows to specify @@ -724,4 +726,4 @@ ngIRCd 0.0.1, 31.12.2001 -- -$Id: ChangeLog,v 1.332 2008/01/02 11:31:48 alex Exp $ +$Id: ChangeLog,v 1.333 2008/01/07 11:42:00 fw Exp $ diff --git a/src/ngircd/irc-channel.c b/src/ngircd/irc-channel.c index 03204d65..fcc6e4aa 100644 --- a/src/ngircd/irc-channel.c +++ b/src/ngircd/irc-channel.c @@ -14,7 +14,7 @@ #include "portab.h" -static char UNUSED id[] = "$Id: irc-channel.c,v 1.40 2007/07/31 18:56:14 alex Exp $"; +static char UNUSED id[] = "$Id: irc-channel.c,v 1.41 2008/01/07 11:42:00 fw Exp $"; #include "imp.h" #include @@ -269,8 +269,9 @@ IRC_PART( CLIENT *Client, REQUEST *Req ) assert( Client != NULL ); assert( Req != NULL ); - /* Falsche Anzahl Parameter? */ - if(( Req->argc > 2 )) return IRC_WriteStrClient( Client, ERR_NEEDMOREPARAMS_MSG, Client_ID( Client ), Req->command ); + if (Req->argc < 1 || Req->argc > 2) + return IRC_WriteStrClient(Client, ERR_NEEDMOREPARAMS_MSG, + Client_ID(Client), Req->command); /* Wer ist der Absender? */ if( Client_Type( Client ) == CLIENT_SERVER ) target = Client_Search( Req->prefix ); @@ -278,18 +279,11 @@ IRC_PART( CLIENT *Client, REQUEST *Req ) if( ! target ) return IRC_WriteStrClient( Client, ERR_NOSUCHNICK_MSG, Client_ID( Client ), Req->prefix ); /* Channel-Namen durchgehen */ - chan = strtok( Req->argv[0], "," ); - while( chan ) - { - if( ! Channel_Part( target, Client, chan, Req->argc > 1 ? Req->argv[1] : Client_ID( target ))) - { - /* naechsten Namen ermitteln */ - chan = strtok( NULL, "," ); - continue; - } + chan = strtok(Req->argv[0], ","); + while (chan) { + Channel_Part(target, Client, chan, Req->argc > 1 ? Req->argv[1] : Client_ID(target)); - /* naechsten Namen ermitteln */ - chan = strtok( NULL, "," ); + chan = strtok(NULL, ","); } return CONNECTED; } /* IRC_PART */