1
0
mirror of https://github.com/osmarks/ngircd.git synced 2024-12-12 01:40:27 +00:00

security: fix remotely triggerable crash in SSL/TLS code

When a server is running with SSL/TLS support compiled in,
it is trivial to crash the server by sending an MOTD request
via another server in the network.

- ONLY servers without ssl/tls support compiled in are not affected.
  Disabling SSL in the configuration (no ssl listening ports, etc)
  does NOT help.
- servers that are running standalone (i.e., not connected to any
  other servers) are not affected, either.

This affects all ngircd releases since ngircd 13 (earlier versions
have no SSL/TLS support).
This commit is contained in:
Florian Westphal 2009-05-04 23:51:24 +02:00 committed by Alexander Barton
parent 95428a72ff
commit 627b0b713c

View File

@ -1951,6 +1951,9 @@ Conn_GetClient( CONN_ID Idx )
GLOBAL bool
Conn_GetCipherInfo(CONN_ID Idx, char *buf, size_t len)
{
if (Idx < 0)
return false;
assert(Idx < (int) array_length(&My_ConnArray, sizeof(CONNECTION)));
return ConnSSL_GetCipherInfo(&My_Connections[Idx], buf, len);
}
@ -1958,6 +1961,9 @@ Conn_GetCipherInfo(CONN_ID Idx, char *buf, size_t len)
GLOBAL bool
Conn_UsesSSL(CONN_ID Idx)
{
if (Idx < 0)
return false;
assert(Idx < (int) array_length(&My_ConnArray, sizeof(CONNECTION)));
return Conn_OPTION_ISSET(&My_Connections[Idx], CONN_SSL);
}
#endif