Some message targets could lead to a NULL pointer dereference and therefore
could crash the daemon (denial of service).
(cherry picked from commit e493ad2d30ff80bca2556cde2212e367cb006517)
by Steven D. Blackford <kb7sqi@aol.com>:
"I wanted to let you know that I've done a quick port of ngircd-0.12.0 for
NEXTSTEP3.3/OPENSTEP4.2. There wasn't a lot of changes required to get it
to compile clean, but I did make the necessary changes so that I didn't
have to use -posix flag. The NeXT has a pretty buggy POSIX implementation
so I always try to work around it. :-)
Anway, here's the changes required to get it to compile."
This patch fixes the following error message of GCC (tested with version
4.3.0) when not compiling ngIRCd in "strict RFC" mode:
parse.c: In function "Validate_Args":
parse.c:341: error: unused parameter "Idx"
parse.c:341: error: unused parameter "Req"
Some operating systems, for example OpenBSD and OpenSolaris, use
"localhost.<domain>" instead of just "localhost" for 127.0.0.1, so
the "message-test" using "localhost" failed on such systems.
Don't have an idee how to make this work on all platforms ... :-/
So I simply disabled the two affected tests to make the testsuite
run on OpenBSD and OpenSolaris again.
This patch fixes the following warning of GCC 4.3.1:
irc.c: In function "Send_Message":
irc.c:315: error: "lastCurrentTarget" may be used uninitialized in
this function
This closes Bug #88.
Patch proposed by Eric <egrunow@ucsd.edu>, but with wrong length
comparision: please note that Channel_IsValidName() checks the name
INCLUDING the prefix, so the test must be length<=1!
Up to this patch ngIRCd did not return any result (GIT master) or a badly
formated 403 (":irc.server 403 test :No such channel" [note the two
spaces!], branch-0-12-x) on the above commands, this patch changes the
behaviour to reflect ircd 2.11 which returns 461 in both cases.
Some operating systems, for example OpenBSD, use "localhost.<domain>"
instead of "localhost", so the "who-test" expecting "localhost" failed
on such systems.
(Please see 149859c5fecc..., which fixes this for the who-test already)
This patch fixes the following two warnings of GCC 4.2.4:
irc-channel.c: In function "IRC_JOIN":
irc-channel.c:185:
warning: "lastkey" may be used uninitialized in this function
irc-channel.c:185:
warning: "lastchan" may be used uninitialized in this function
Up to now ngIRCd accepted CR+LF as well as a single CR or LF in "non RFC
compliant" mode (the default). But ngIRCd became confused when it received
data containing mixed line endings (e. g. "111\r222\n333\r\n").
This patch enables ngIRCd (in "non RFC compliant" mode) to detect CR+LF,
CR, and LF as equally good line termination sequences and to always end the
command after the first one detected.
Some clients (for exmaple Trilian) are that ... broken to send such mixed
line terminations ...
First patch proposed by Scott Perry <scperry@ucsd.edu>,
Thanks to Ali Shemiran <ashemira@ucsd.edu> for testing!
If ngircd receives an input line like "COMMAND arg\nIRRELEVANT\r\n",
"arg\nIRRELEVANT" is passed as an argument to COMMAND. This can lead
to output like:
:ngircd.test.server 322 nick #chan 1 :
topicwithprecedingnewline
:ngircd.test.server 322 nick #nxtchan 1 :
[..]
Worse, this allows clients to piggyback irc commands, e.g.
"TOPIC #a :test\n:fake!~a@nonexistant JOIN :#a\r\n", which
causes the client to receive a JOIN command during /LIST output.
Bug reported by Scott Perry, first patch by Florian Westphal.
In addition, the "timeout" variable has been removed because it is
unnecessary today: Handle_Buffer() handles all the data it can handle,
and io_dispatch() returns immediately when new data is available. So
we don't have to double-check but better sleep. Pointed out by Florian.
This patch does significant cleanup on the join code by using strtok_r
instead of mangling strchr to parse channel names and keys in parallel when
a JOIN command contains a list of channels and keys.
Also adds an strtok_r implementation to libportab.
this also obsoletes ListenIPv4 and ListenIPv6 options.
If Listen is unset, it is treated as Listen="::,0.0.0.0".
Note: ListenIPv4 and ListenIPv6 options are still recognized,
but ngircd will print a warning if they are used in the config file.
Also, some plattforms require that ai_socktype
is set in the getaddrinfo() hints structure.
This patch adds -h and -V short options (to complement the usage).
It is based on a patch attached to Debian bug #466063, see
<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466063>.
Idea by Jari Aalto <jari.aalto@cante.net>,
patch adapted by Alexander Barton <alex@barton.de>.
It is hard to test this in the test suite because we 1) shouldn't rely on
previous tests populating WHOWAS and 2) don't connect a user for more than 30
seconds.
Also makes WHOWAS return ERR_NONICKNAMEGIVEN_MSG as implied by RFC.
Some operating systems, for example OpenBSD, use "localhost.<domain>"
instead of "localhost", so the "who-test" expecting "localhost" failed
on such systems.
SERVICE, SERVLIST, and SQUERY are required by RFC 2812 (it states in
section 3 that "all commands described in this section MUST be implemented
by any server for this protocol." -- So we implement them without (much)
actual functionality ...
Brandon Beresini sent me a patch yesterday adding tests for JOIN under
various circumstances, which I believe he worked on with Bryan Caldwell
and Ali Shemiran. I made a few modifications; the result is below.
Code cleanup and fix for Bug #83, "ngIRCd chokes on 1-character messages" in
function Handle_Buffer(): the buffer is now correctly cleared when ngIRCd
receives 1-character messages terminated with either CR or LF (in violation
to RFC 2812, section 2.3 "Messages", 5th paragraph).
Modeless channels (+channels) are described in RFC 2811;
so my modifications to
530112b114
('Add support for modeless channels')
to disable +channels for --strict-rfc configurations
were wrong. This reverts those changes.
Add support for modeless channels (+channels).
[fw@strlen.de:
- integrate test cases
- don't support +channels when compiled with --strict-rfc
- do not set +o mode for channel creator
- force +nt mode when channel is created ]
The config file for ngircds test suite contained obsolete
ConfUID/ConfGID settings, causing ngircd to needlesly complain when
started as non-root (which is hopefully the _normal_ case...)
When trying to part a channel ("PART #channel") the client is not member of
the daemon now correctly reports the numeric ERR_NOTONCHANNEL (442) insted
of ERR_NOSUCHCHANNEL (403).
client.c:72:6: warning: symbol 'Max_Users' was not declared. Should it be static?
client.c:72:21: warning: symbol 'My_Max_Users' was not declared. Should it be static?
ngircd will exit if the config file cannot be opened. While
thats okay if ngircd starts up for the first time, it isn't
when we are re-reading the config file after a /REHASH or SIGHUP.
all references to struct sockaddr/in_addr have been
removed from src/ngircd.
libngipaddr (in src/ipaddr/) hides all the gory details.
See src/ipaddr/ng_ipaddr.h for API description.
This does hit only operators that join a channel with at least 2 servers active in the net
the server the oper connects to sends "channel^Go" to the other servers
the other server first searches for the channel and then strips the modes from the channel name
he has to do the other way round: first strip and then check the channel name.
RPL_WHOREPLY messages generated by IRC_WHO don't include flags (*,@,+)
that should appear according to this description:
http://www.mishscript.de/reference/rawhelp3.htm#raw352
Other IRC servers do include the flags.
Modify who-test.e to expose missing flags,
modify ngircd-test.conf to accommodate who-test.e, and fix
irc-info.c to correct these problems.
Under some circumstances ngIRCd currently issues a channel MODE message
with a trailing space after the last parameter, which isn't permitted by
the grammar in RFC 2812 section 2.3.1:
http://tools.ietf.org/html/rfc2812#section-2.3.1
The following patch modifies mode-test.e to expose this, and modifies
irc-mode.c to correct it.
- put sending of mode and forwarding of JOIN to other clients
into seperate function.
- put sending of topic/channel names into seperate function.
- put access check into seperate function.
- translate/remove remaining german comments.
- stop if JOIN to a channel in a list (JOIN #a,#,b,#c...) fails
(This doesn't change the behaviour: skip-to-next-channel-on-error
did never work as intended)
Dana Dahlstrom reported that IRC_WHO did not follow
RFC 2812, Section 3.6.1. Specifically:
- IRC_WHO did not send "G" flag instead if "H" if client was away
- did not search username/servername/hostname etc. if argument
was not a channel.
Fix all of the above and tidy things up a bit.
Also add IRC_WHO test script contributed by Dana.
The students in my software-engineering class are writing IRC clients in
Java, and I'm running ngIRCd as a sandbox for them to play in. We
noticed ngIRCd doesn't obey the "JOIN 0" command specified in RFC 2812:
JOIN 0 ; Leave all currently joined
channels.
http://tools.ietf.org/html/rfc2812#section-3.2.1
I believe the following patch addresses this. Cheers!
[fw@strlen.de: put it into a seperate function]
parse.c:56:9: warning: symbol 'My_Commands' was not declared. Should it be static?
parse.c:107:9: warning: symbol 'My_Numerics' was not declared. Should it be static?
Also move handling of numerics into a seperate helper function.
struct Conf_Server stored the ip address to connect to
in dotted-decimal notation; but we only need this for connect()
so long-time storage isn't necessary.
- New configuration option "MaxNickLength" to specify the allowed maximum
length of user nick names. Note: must be unique in an IRC network!
- Enhanced the IRC+ protocol to support an enhanced "server handshake" and
enable server to recognice numeric 005 (ISUPPORT) and 376 (ENDOFMOTD).
See doc/Protocol.txt for details.
to the users working directory (as returned by getpwuid()).
Failing to chdir to that directory isn't an error; so
log with LOG_INFO and prefix the message with "Notice".
