ngIRCd 0.8.3

to do IDENT lookups and is logging to syslog. Bug discovered by CoKi,
<coki@nosystem.com.ar>, thanks a lot! [from HEAD.]
(http://www.nosystem.com.ar/advisories/advisory-11.txt)

AUTHORS

@@ -1,7 +1,7 @@
 
                      ngIRCd - Next Generation IRC Server
 
-                      (c)2001-2004 by Alexander Barton,
+                        (c)2001-2005 Alexander Barton,
                     alex@barton.de, http://www.barton.de/
 
                ngIRCd is free software and published under the
@@ -21,6 +21,7 @@ Goetz Hoffart, <goetz@hoffart.de> (goetz)
 Ilja Osthoff, <i.osthoff@gmx.net> (ilja)
 Benjamin Pineau, <ben@zouh.org>
 Sean Reifschneider, <jafo-rpms@tummy.com>
+Florian Westphal, <westphal@foo.fh-furtwangen.de>
 
 
 Code snippets
@@ -31,4 +32,4 @@ Andrew Tridgell & Martin Pool: strl{cpy|cat}()-functions
 
 
 -- 
-$Id: AUTHORS,v 1.8.2.1 2004/05/07 11:24:17 alex Exp $
+$Id: AUTHORS,v 1.8.2.2 2005/01/26 13:26:41 alex Exp $

ChangeLog

@@ -1,7 +1,7 @@
 
                      ngIRCd - Next Generation IRC Server
 
-                      (c)2001-2004 by Alexander Barton,
+                       (c)2001-2005 Alexander Barton,
                     alex@barton.de, http://www.barton.de/
 
                ngIRCd is free software and published under the
@@ -10,7 +10,28 @@
                                -- ChangeLog --
 
 
-ngircd 0.8.1 (2004-12-25)
+ngIRCd 0.8.3 (2005-02-03)
+
+  - Fixed a bug that could case a root exploit when the daemon is compiled
+    to do IDENT lookups and is logging to syslog. Bug discovered by CoKi,
+    <coki@nosystem.com.ar>, thanks a lot!
+    (http://www.nosystem.com.ar/advisories/advisory-11.txt)
+
+ngIRCd 0.8.2 (2005-01-26)
+
+  - Added doc/SSL.txt to distribution.
+  - Fixed a buffer overflow that could cause the daemon to crash. Bug found
+    by Florian Westphal, <westphal@foo.fh-furtwangen.de>.
+  - Fixed a possible buffer underrun when reading the MOTD file. Thanks
+    to Florian Westphal, <westphal@foo.fh-furtwangen.de>.
+  - Fixed detection of IRC lines which are too long to send. Detected by
+    Florian Westphal, <westphal@foo.fh-furtwangen.de>.
+  - Fixed return values of our own implementation of strlcpy(). The code has
+    been taken from rsync and they fixed it, but we didn't until today :-/
+    It has only been used when the system didn't implement strlcpy by itself,
+    not on "modern" systems. Florian Westphal, <westphal@foo.fh-furtwangen.de>.
+
+nIRCd 0.8.1 (2004-12-25)
 
   - Autoconf: Updated config.guess and config.sub
   - Added some more debug code ...
@@ -20,11 +41,11 @@ ngircd 0.8.1 (2004-12-25)
     reading this file.
   - Enhanced the "test suite": please have a look at src/testsuite/README!
 
-ngircd 0.8.0 (2004-06-26)
+ngIRCd 0.8.0 (2004-06-26)
 
   - Fixed wrong buffer size calculation for results of the resolver.
 
-  ngircd 0.8.0-pre2 (2004-05-16)
+  ngIRCd 0.8.0-pre2 (2004-05-16)
   - Enhanced logging to console when running in "no-detached mode": added
     PID and log messages of resolver sub-processes.
   - Fixed host name lookups when using IDENT user lookups.
@@ -540,4 +561,4 @@ ngIRCd 0.0.1, 31.12.2001
 
 
 -- 
-$Id: ChangeLog,v 1.233.2.11 2004/12/25 00:20:57 alex Exp $
+$Id: ChangeLog,v 1.233.2.20 2005/02/03 10:16:25 alex Exp $

config.guess

@@ -3,7 +3,7 @@
 #   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
 #   2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc.
 
-timestamp='2004-08-13'
+timestamp='2004-11-12'
 
 # This file is free software; you can redistribute it and/or modify it
 # under the terms of the GNU General Public License as published by
@@ -319,6 +319,9 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
     *:OS/390:*:*)
 	echo i370-ibm-openedition
 	exit 0 ;;
+    *:z/VM:*:*)
+	echo s390-ibm-zvmoe
+	exit 0 ;;
     *:OS400:*:*)
         echo powerpc-ibm-os400
 	exit 0 ;;
@@ -342,7 +345,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
     DRS?6000:unix:4.0:6*)
 	echo sparc-icl-nx6
 	exit 0 ;;
-    DRS?6000:UNIX_SV:4.2*:7*)
+    DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*)
 	case `/usr/bin/uname -p` in
 	    sparc) echo sparc-icl-nx7 && exit 0 ;;
 	esac ;;
@@ -824,6 +827,12 @@ EOF
     cris:Linux:*:*)
 	echo cris-axis-linux-gnu
 	exit 0 ;;
+    crisv32:Linux:*:*)
+	echo crisv32-axis-linux-gnu
+	exit 0 ;;
+    frv:Linux:*:*)
+    	echo frv-unknown-linux-gnu
+	exit 0 ;;
     ia64:Linux:*:*)
 	echo ${UNAME_MACHINE}-unknown-linux-gnu
 	exit 0 ;;
@@ -1241,7 +1250,10 @@ EOF
 	    A*) echo alpha-dec-vms && exit 0 ;;
 	    I*) echo ia64-dec-vms && exit 0 ;;
 	    V*) echo vax-dec-vms && exit 0 ;;
-	esac
+	esac ;;
+    *:XENIX:*:SysV)
+	echo i386-pc-xenix
+	exit 0 ;;
 esac
 
 #echo '(No uname command or uname output not recognized.)' 1>&2

config.sub

@@ -3,7 +3,7 @@
 #   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
 #   2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc.
 
-timestamp='2004-06-24'
+timestamp='2004-11-30'
 
 # This file is (in principle) common to ALL GNU software.
 # The presence of a machine in this file suggests that SOME GNU software
@@ -267,7 +267,7 @@ case $basic_machine in
 	| tahoe | thumb | tic4x | tic80 | tron \
 	| v850 | v850e \
 	| we32k \
-	| x86 | xscale | xstormy16 | xtensa \
+	| x86 | xscale | xscalee[bl] | xstormy16 | xtensa \
 	| z8k)
 		basic_machine=$basic_machine-unknown
 		;;
@@ -343,8 +343,8 @@ case $basic_machine in
 	| tron-* \
 	| v850-* | v850e-* | vax-* \
 	| we32k-* \
-	| x86-* | x86_64-* | xps100-* | xscale-* | xstormy16-* \
-	| xtensa-* \
+	| x86-* | x86_64-* | xps100-* | xscale-* | xscalee[bl]-* \
+	| xstormy16-* | xtensa-* \
 	| ymp-* \
 	| z8k-*)
 		;;
@@ -457,6 +457,9 @@ case $basic_machine in
 	crds | unos)
 		basic_machine=m68k-crds
 		;;
+	crisv32 | crisv32-* | etraxfs*)
+		basic_machine=crisv32-axis
+		;;
 	cris | cris-* | etrax*)
 		basic_machine=cris-axis
 		;;
@@ -486,6 +489,10 @@ case $basic_machine in
 		basic_machine=m88k-motorola
 		os=-sysv3
 		;;
+	djgpp)
+		basic_machine=i586-pc
+		os=-msdosdjgpp
+		;;
 	dpx20 | dpx20-*)
 		basic_machine=rs6000-bull
 		os=-bosx
@@ -1026,6 +1033,10 @@ case $basic_machine in
 		basic_machine=hppa1.1-winbond
 		os=-proelf
 		;;
+	xbox)
+		basic_machine=i686-pc
+		os=-mingw32
+		;;
 	xps | xps100)
 		basic_machine=xps100-honeywell
 		;;
@@ -1294,6 +1305,9 @@ case $os in
 	-kaos*)
 		os=-kaos
 		;;
+	-zvmoe)
+		os=-zvmoe
+		;;
 	-none)
 		;;
 	*)

configure.in

@@ -1,6 +1,6 @@
 #
 # ngIRCd -- The Next Generation IRC Daemon
-# Copyright (c)2001-2004 Alexander Barton <alex@barton.de>
+# Copyright (c)2001-2005 Alexander Barton <alex@barton.de>
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -8,13 +8,13 @@
 # (at your option) any later version.
 # Please read the file COPYING, README and AUTHORS for more information.
 #
-# $Id: configure.in,v 1.102.2.5 2004/12/25 00:20:57 alex Exp $
+# $Id: configure.in,v 1.102.2.7 2005/02/03 10:16:25 alex Exp $
 #
 
 # -- Initialisation --
 
 AC_PREREQ(2.50)
-AC_INIT(ngircd, 0.8.1)
+AC_INIT(ngircd, 0.8.3)
 AC_CONFIG_SRCDIR(src/ngircd/ngircd.c)
 AC_CANONICAL_TARGET
 AM_INIT_AUTOMAKE(1.6)

contrib/Debian/changelog

@@ -1,3 +1,15 @@
+ngircd (0.8.3-0ab1) unstable; urgency=high
+
+  * New "upstream release", including security fixes.
+
+ -- Alexander Barton <alex@Arthur.Ath.CX>  Thu,  3 Feb 2005 10:41:55 +0100
+
+ngircd (0.8.2-0ab1) unstable; urgency=high
+
+  * New "upstream release", including security fixes.
+
+ -- Alexander Barton <alex@Arthur.Ath.CX>  Wed, 26 Jan 2005 23:14:12 +0100
+
 ngircd (0.8.1-0ab1) unstable; urgency=low
 
   * New "upstream release".

contrib/ngircd.spec

@@ -1,5 +1,5 @@
 %define name    ngircd
-%define version 0.8.1
+%define version 0.8.3
 %define release 1
 %define prefix  %{_prefix}
 

doc/SSL.txt

@@ -0,0 +1,58 @@
+
+                     ngIRCd - Next Generation IRC Server
+
+                      (c)2001-2004 by Alexander Barton,
+                    alex@barton.de, http://www.barton.de/
+
+               ngIRCd is free software and published under the
+                   terms of the GNU General Public License.
+
+                                 -- SSL.txt --
+
+
+ngIRCd actually doesn't support secure connections for client-server or
+server-server links using SSL, the Secure Socket Layer, by itself. But you can
+use the stunnel(8) command to make this work.
+
+  <http://stunnel.mirt.net/>
+  <http://www.stunnel.org/>
+
+Stefan Sperling (stefan at binarchy dot net) mailed me the following text as a
+short "how-to", thanks Stefan!
+
+
+=== snip ===
+    ! This guide applies to stunnel 4.x !
+
+    Put this in your stunnel.conf:
+
+        [ircs]
+        accept = 6667
+        connect = 6668
+
+    This makes stunnel listen for incoming connections
+    on port 6667 and forward decrypted data to port 6668.
+    We call the connection 'ircs'. Stunnel will use this
+    name when logging connection attempts via syslog.
+    You can also use the name in /etc/hosts.{allow,deny}
+    if you run tcp-wrappers.
+
+    To make sure ngircd is listening on the port where
+    the decrypted data arrives, set
+
+        Ports = 6668
+
+    in your ngircd.conf.
+
+    Start stunnel and restart ngircd.
+
+    That's it.
+    Don't forget to activate ssl support in your irc client ;)
+=== snip ===
+
+
+Probably ngIRCd will include support for SSL in the future ...
+
+
+-- 
+$Id: SSL.txt,v 1.2.2.1 2005/01/26 21:47:47 alex Exp $

src/ngircd/conn.c

@@ -16,7 +16,7 @@
 
 #include "portab.h"
 
-static char UNUSED id[] = "$Id: conn.c,v 1.134.2.3 2004/12/25 00:00:42 alex Exp $";
+static char UNUSED id[] = "$Id: conn.c,v 1.134.2.4 2005/01/19 23:35:42 alex Exp $";
 
 #include "imp.h"
 #include <assert.h>
@@ -525,7 +525,7 @@ va_dcl
 #else
 	va_start( ap );
 #endif
-	if( vsnprintf( buffer, COMMAND_LEN - 2, Format, ap ) == COMMAND_LEN - 2 )
+	if( vsnprintf( buffer, COMMAND_LEN - 2, Format, ap ) >= COMMAND_LEN - 2 )
 	{
 		Log( LOG_CRIT, "Text too long to send (connection %d)!", Idx );
 		Conn_Close( Idx, "Text too long to send!", NULL, FALSE );

src/ngircd/irc-info.c

@@ -14,7 +14,7 @@
 
 #include "portab.h"
 
-static char UNUSED id[] = "$Id: irc-info.c,v 1.21.2.1 2004/05/07 11:24:18 alex Exp $";
+static char UNUSED id[] = "$Id: irc-info.c,v 1.21.2.2 2005/01/24 14:22:30 alex Exp $";
 
 #include "imp.h"
 #include <assert.h>
@@ -770,6 +770,7 @@ IRC_Show_MOTD( CLIENT *Client )
 	BOOLEAN ok;
 	CHAR line[127];
 	FILE *fd;
+	UINT line_len;
 
 	assert( Client != NULL );
 
@@ -790,8 +791,12 @@ IRC_Show_MOTD( CLIENT *Client )
 	if( ! IRC_WriteStrClient( Client, RPL_MOTDSTART_MSG, Client_ID( Client ), Client_ID( Client_ThisServer( )))) return DISCONNECTED;
 	while( TRUE )
 	{
-		if( ! fgets( line, 126, fd )) break;
-		if( line[strlen( line ) - 1] == '\n' ) line[strlen( line ) - 1] = '\0';
+		if( ! fgets( line, sizeof( line ), fd )) break;
+
+		line_len = strlen( line );
+		if( line_len > 0 ) line_len--;
+		if( line[line_len] == '\n' ) line[line_len] = '\0';
+
 		if( ! IRC_WriteStrClient( Client, RPL_MOTD_MSG, Client_ID( Client ), line ))
 		{
 			fclose( fd );

src/ngircd/lists.c

@@ -1,6 +1,6 @@
 /*
  * ngIRCd -- The Next Generation IRC Daemon
- * Copyright (c)2001,2002 by Alexander Barton (alex@barton.de)
+ * Copyright (c)2001-2005 Alexander Barton (alex@barton.de)
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -14,7 +14,7 @@
 
 #include "portab.h"
 
-static char UNUSED id[] = "$Id: lists.c,v 1.15 2004/04/25 15:40:19 alex Exp $";
+static char UNUSED id[] = "$Id: lists.c,v 1.15.2.1 2005/01/26 13:27:01 alex Exp $";
 
 #include "imp.h"
 #include <assert.h>
@@ -360,9 +360,10 @@ Lists_DeleteChannel( CHANNEL *Chan )
 GLOBAL CHAR *
 Lists_MakeMask( CHAR *Pattern )
 {
-	/* Hier wird aus einem "beliebigen" Pattern eine gueltige IRC-Mask erzeugt.
-	 * Diese ist aber nur bis zum naechsten Aufruf von Lists_MakeMask() gueltig,
-	 * da ein einziger globaler Puffer verwendet wird. ->Umkopieren!*/
+	/* This function generats a valid IRC mask of "any" string. This
+	 * mask is only valid until the next call to Lists_MakeMask(),
+	 * because a single global buffer is used. You have to copy the
+	 * generated mask to some sane location yourself! */
 
 	STATIC CHAR TheMask[MASK_LEN];
 	CHAR *excl, *at;
@@ -376,7 +377,7 @@ Lists_MakeMask( CHAR *Pattern )
 
 	if(( ! at ) && ( ! excl ))
 	{
-		/* weder ! noch @ vorhanden: als Nick annehmen */
+		/* Neither "!" nor "@" found: use string as nick name */
 		strlcpy( TheMask, Pattern, sizeof( TheMask ) - 5 );
 		strlcat( TheMask, "!*@*", sizeof( TheMask ));
 		return TheMask;
@@ -384,7 +385,7 @@ Lists_MakeMask( CHAR *Pattern )
 
 	if(( ! at ) && ( excl ))
 	{
-		/* Domain fehlt */
+		/* Domain part is missing */
 		strlcpy( TheMask, Pattern, sizeof( TheMask ) - 3 );
 		strlcat( TheMask, "@*", sizeof( TheMask ));
 		return TheMask;
@@ -392,15 +393,15 @@ Lists_MakeMask( CHAR *Pattern )
 
 	if(( at ) && ( ! excl ))
 	{
-		/* User fehlt */
+		/* User name is missing */
 		*at = '\0'; at++;
-		strlcpy( TheMask, Pattern, sizeof( TheMask ) - strlen( at ) - 4 );
+		strlcpy( TheMask, Pattern, sizeof( TheMask ) - 5 );
 		strlcat( TheMask, "!*@", sizeof( TheMask ));
 		strlcat( TheMask, at, sizeof( TheMask ));
 		return TheMask;
 	}
 
-	/* alle Teile vorhanden */
+	/* All parts (nick, user and domain name) are given */
 	strlcpy( TheMask, Pattern, sizeof( TheMask ));
 	return TheMask;
 } /* Lists_MakeMask */

src/ngircd/log.c

@@ -14,7 +14,7 @@
 
 #include "portab.h"
 
-static char UNUSED id[] = "$Id: log.c,v 1.44.2.3 2004/06/26 09:06:27 alex Exp $";
+static char UNUSED id[] = "$Id: log.c,v 1.44.2.4 2005/02/03 09:27:09 alex Exp $";
 
 #include "imp.h"
 #include <assert.h>
@@ -269,7 +269,7 @@ va_dcl
 		fflush( stdout );
 	}
 #ifdef SYSLOG
-	else syslog( Level, msg );
+	else syslog( Level, "%s", msg );
 #endif
 } /* Log_Resolver */
 

src/ngircd/ngircd.c

@@ -1,6 +1,6 @@
 /*
  * ngIRCd -- The Next Generation IRC Daemon
- * Copyright (c)2001-2004 by Alexander Barton (alex@barton.de)
+ * Copyright (c)2001-2005 by Alexander Barton (alex@barton.de)
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -14,7 +14,7 @@
 
 #include "portab.h"
 
-static char UNUSED id[] = "$Id: ngircd.c,v 1.83.2.2 2004/05/15 23:52:17 alex Exp $";
+static char UNUSED id[] = "$Id: ngircd.c,v 1.83.2.3 2005/01/26 22:02:36 alex Exp $";
 
 #include "imp.h"
 #include <assert.h>
@@ -545,7 +545,7 @@ LOCAL VOID
 Show_Version( VOID )
 {
 	puts( NGIRCd_Version( ));
-	puts( "Copyright (c)2001-2004 by Alexander Barton (<alex@barton.de>)." );
+	puts( "Copyright (c)2001-2005 by Alexander Barton (<alex@barton.de>)." );
 	puts( "Homepage: <http://arthur.ath.cx/~alex/ngircd/>\n" );
 	puts( "This is free software; see the source for copying conditions. There is NO" );
 	puts( "warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." );

src/portab/strlcpy.c

@@ -19,7 +19,7 @@
 
 #include "portab.h"
 
-static char UNUSED id[] = "$Id: strlcpy.c,v 1.2 2002/12/26 14:34:11 alex Exp $";
+static char UNUSED id[] = "$Id: strlcpy.c,v 1.2.4.1 2005/01/18 09:09:05 alex Exp $";
 
 #include "imp.h"
 #include <string.h>
@@ -61,12 +61,13 @@ strlcpy( CHAR *dst, CONST CHAR *src, size_t size )
 	 * always null terminates. */
 
 	size_t len = strlen( src );
+	size_t ret = len;
 
-	if( size <= 0 ) return len;
+	if( size <= 0 ) return 0;
 	if( len >= size ) len = size - 1;
 	memcpy( dst, src, len );
 	dst[len] = 0;
-	return len;
+	return ret;
 } /* strlcpy */
 
 #endif