[packages/BitchX.git] / BitchX-security.patch

diff -ru BitchX-old/source/banlist.c BitchX/source/banlist.c
--- BitchX-old/source/banlist.c	2002-02-28 06:22:46.000000000 +0200
+++ BitchX/source/banlist.c	2003-03-13 20:09:01.000000000 +0200
@@ -277,30 +277,30 @@
 		case 7:
 			if (ip)
 			{
-				sprintf(banstr, "*!*@%s", cluster(ip));
+				snprintf(banstr, sizeof(banstr), "*!*@%s", cluster(ip));
 				break;
 			}
 		case 2: /* Better 	*/
-			sprintf(banstr, "*!*%s@%s", t1, cluster(host));
+			snprintf(banstr, sizeof(banstr), "*!*%s@%s", t1, cluster(host));
 			break;
 		case 3: /* Host 	*/
-			sprintf(banstr, "*!*@%s", host);
+			snprintf(banstr, sizeof(banstr), "*!*@%s", host);
 			break;
 		case 4: /* Domain	*/
-			sprintf(banstr, "*!*@*%s", strrchr(host, '.'));
+			snprintf(banstr, sizeof(banstr), "*!*@*%s", strrchr(host, '.'));
 			break;
 		case 5: /* User		*/
-			sprintf(banstr, "*!%s@%s", t, cluster(host));
+			snprintf(banstr, sizeof(banstr), "*!%s@%s", t, cluster(host));
 			break;
 		case 6: /* Screw 	*/
 			malloc_sprintf(&tmpstr, "*!*%s@%s", t1, host);
-			strcpy(banstr, screw(tmpstr));
+			strmcpy(banstr, screw(tmpstr), sizeof(banstr)-1);
 			new_free(&tmpstr);
 			break;
 		case 1:	/* Normal 	*/
 		default:
 		{
-			sprintf(banstr, "%s!*%s@%s", nick, t1, host);
+			snprintf(banstr, sizeof(banstr), "%s!*%s@%s", nick, t1, host);
 			break;
 		}
 	}
diff -ru BitchX-old/source/ctcp.c BitchX/source/ctcp.c
--- BitchX-old/source/ctcp.c	2002-02-28 06:22:47.000000000 +0200
+++ BitchX/source/ctcp.c	2003-03-13 19:59:35.000000000 +0200
@@ -1482,6 +1482,7 @@
 	     *putbuf2;
 	int len;
 	len = IRCD_BUFFER_SIZE - (12 + strlen(to));
+	if (len <= 2) return;
 	putbuf2 = alloca(len);
 
 	if (format)
diff -ru BitchX-old/source/misc.c BitchX/source/misc.c
--- BitchX-old/source/misc.c	2002-03-24 11:31:07.000000000 +0200
+++ BitchX/source/misc.c	2003-03-13 20:02:13.000000000 +0200
@@ -3121,19 +3121,19 @@
 	{
 		if (*hostname == '~')
 			hostname++;
-		strcpy(result, hostname);
+		strmcpy(result, hostname, sizeof(result)-1);
 		*strchr(result, '@') = '\0';
 		if (strlen(result) > 9)
 		{
 			result[8] = '*';
 			result[9] = '\0';
 		}
-		strcat(result, "@");
+		strmcat(result, "@", sizeof(result)-1);
 		if (!(hostname = strchr(hostname, '@')))
 			return NULL;
 		hostname++;
 	}
-	strcpy(host, hostname);
+	strmcpy(host, hostname, sizeof(host)-1);
 
 	if (*host && isdigit(*(host + strlen(host) - 1)))
 	{
@@ -3154,8 +3154,8 @@
                 for (i = 0; i < count; i++)
                         tmp = strchr(tmp, '.') + 1;
                 *tmp = '\0';
-                strcat(result, host);
-                strcat(result, "*");
+                strmcat(result, host, sizeof(result)-1);
+                strmcat(result, "*", sizeof(result)-1);
 	}
 	else
 	{
@@ -3177,10 +3177,10 @@
 			else
 				return (char *) NULL;
 		}
-		strcat(result, "*");
+		strmcat(result, "*", sizeof(result)-1);
 		if (my_stricmp(host, temphost))
-			strcat(result, ".");
-		strcat(result, host);
+			strmcat(result, ".", sizeof(result)-1);
+		strmcat(result, host, sizeof(result)-1);
 	}
 	return result;
 }
diff -ru BitchX-old/source/names.c BitchX/source/names.c
--- BitchX-old/source/names.c	2002-03-25 22:47:30.000000000 +0200
+++ BitchX/source/names.c	2003-03-13 20:10:26.000000000 +0200
@@ -572,7 +572,7 @@
 
    	*nmodes = 0;
    	*nargs = 0;
-	for (; *modes; modes++) 
+	for (; *modes && strlen(nmodes) < sizeof(nmodes)-2; modes++)
 	{
 		isbanned = isopped = isvoiced = 0;
 		switch (*modes) 
@@ -742,7 +742,7 @@
 
    /* modes which can be done multiple times are added here */
 
-	for (tucm = ucm; tucm; tucm = tucm->next) 
+	for (tucm = ucm; tucm && strlen(nmodes) < sizeof(nmodes)-2; tucm = tucm->next)
 	{
 		if (tucm->o_ed) 
 		{
diff -ru BitchX-old/source/notice.c BitchX/source/notice.c
--- BitchX-old/source/notice.c	2002-02-28 06:22:50.000000000 +0200
+++ BitchX/source/notice.c	2003-03-13 20:07:39.000000000 +0200
@@ -422,10 +422,10 @@
 	{
 		char *q = strchr(line, ':');
 		char *port = empty_string;
-		int conn = !strncmp(line+7, "connect", 7) ? 1 : 0;
+		int conn = strlen(line) > 7 && !strncmp(line+7, "connect", 7) ? 1 : 0;
 		int dalnet = 0, ircnet = 0;
 
-		if (*(line+18) == ':')
+		if (strlen(line) > 18 && *(line+18) == ':')
 			q = NULL;
 		else
 			dalnet = (q == NULL);
@@ -462,7 +462,7 @@
 		    else sscanf(p, "%s was %s from %s", for_, fr, temp);
 
 		    q = p;
-		    sprintf(q, "%s@%s", fr, temp);
+		    snprintf(q, strlen(q)+1, "%s@%s", fr, temp);
 		    if (!conn) 
 		    {
 			port = strstr(temp2, "reason:");
diff -ru BitchX-old/source/server.c BitchX/source/server.c
--- BitchX-old/source/server.c	2002-03-25 07:21:24.000000000 +0200
+++ BitchX/source/server.c	2003-03-13 20:10:00.000000000 +0200
@@ -474,11 +474,11 @@
 					}
 					else
 #endif
-						junk = dgets(bufptr, des, 1, BIG_BUFFER_SIZE, server_list[i].ssl_fd);
+						junk = dgets(bufptr, des, 1, BIG_BUFFER_SIZE/2, server_list[i].ssl_fd);
 				}
 				else
 #endif
-					junk = dgets(bufptr, des, 1, BIG_BUFFER_SIZE, NULL);
+					junk = dgets(bufptr, des, 1, BIG_BUFFER_SIZE/2, NULL);
 			}
 			switch (junk)
 			{
@@ -1741,7 +1741,7 @@
 			default:
 				if (FD_ISSET(des, &rd))
 				{
-					if (!dgets(buffer, des, 0, BIG_BUFFER_SIZE, NULL))
+					if (!dgets(buffer, des, 0, BIG_BUFFER_SIZE/2, NULL))
 						flushing = 0;
 				}
 				break;
@@ -1751,7 +1751,7 @@
 	FD_ZERO(&rd);
 	FD_SET(des, &rd);
 	if (new_select(&rd, NULL, &timeout) > 0)
-		dgets(buffer, des, 1, BIG_BUFFER_SIZE, NULL);
+		dgets(buffer, des, 1, BIG_BUFFER_SIZE/2, NULL);
 }
Commit	Line	Data
bf904ecd	1	diff -ru BitchX-old/source/banlist.c BitchX/source/banlist.c
	2	--- BitchX-old/source/banlist.c 2002-02-28 06:22:46.000000000 +0200
	3	+++ BitchX/source/banlist.c 2003-03-13 20:09:01.000000000 +0200
	4	@@ -277,30 +277,30 @@
	5	case 7:
	6	if (ip)
	7	{
	8	- sprintf(banstr, "!@%s", cluster(ip));
	9	+ snprintf(banstr, sizeof(banstr), "!@%s", cluster(ip));
	10	break;
	11	}
	12	case 2: /* Better */
	13	- sprintf(banstr, "!%s@%s", t1, cluster(host));
	14	+ snprintf(banstr, sizeof(banstr), "!%s@%s", t1, cluster(host));
	15	break;
	16	case 3: /* Host */
	17	- sprintf(banstr, "!@%s", host);
	18	+ snprintf(banstr, sizeof(banstr), "!@%s", host);
	19	break;
	20	case 4: /* Domain */
	21	- sprintf(banstr, "!@*%s", strrchr(host, '.'));
	22	+ snprintf(banstr, sizeof(banstr), "!@*%s", strrchr(host, '.'));
	23	break;
	24	case 5: /* User */
	25	- sprintf(banstr, "*!%s@%s", t, cluster(host));
	26	+ snprintf(banstr, sizeof(banstr), "*!%s@%s", t, cluster(host));
	27	break;
	28	case 6: /* Screw */
	29	malloc_sprintf(&tmpstr, "!%s@%s", t1, host);
	30	- strcpy(banstr, screw(tmpstr));
	31	+ strmcpy(banstr, screw(tmpstr), sizeof(banstr)-1);
	32	new_free(&tmpstr);
	33	break;
	34	case 1: /* Normal */
	35	default:
	36	{
	37	- sprintf(banstr, "%s!*%s@%s", nick, t1, host);
	38	+ snprintf(banstr, sizeof(banstr), "%s!*%s@%s", nick, t1, host);
	39	break;
	40	}
	41	}
	42	diff -ru BitchX-old/source/ctcp.c BitchX/source/ctcp.c
	43	--- BitchX-old/source/ctcp.c 2002-02-28 06:22:47.000000000 +0200
	44	+++ BitchX/source/ctcp.c 2003-03-13 19:59:35.000000000 +0200
	45	@@ -1482,6 +1482,7 @@
	46	*putbuf2;
	47	int len;
	48	len = IRCD_BUFFER_SIZE - (12 + strlen(to));
	49	+ if (len <= 2) return;
	50	putbuf2 = alloca(len);
	51
	52	if (format)
	53	diff -ru BitchX-old/source/misc.c BitchX/source/misc.c
	54	--- BitchX-old/source/misc.c 2002-03-24 11:31:07.000000000 +0200
	55	+++ BitchX/source/misc.c 2003-03-13 20:02:13.000000000 +0200
	56	@@ -3121,19 +3121,19 @@
	57	{
	58	if (*hostname == '~')
	59	hostname++;
	60	- strcpy(result, hostname);
	61	+ strmcpy(result, hostname, sizeof(result)-1);
	62	*strchr(result, '@') = '\0';
	63	if (strlen(result) > 9)
	64	{
65	result[8] = '*';
66	result[9] = '\0';
67	}
68	- strcat(result, "@");
69	+ strmcat(result, "@", sizeof(result)-1);
70	if (!(hostname = strchr(hostname, '@')))
71	return NULL;
72	hostname++;
73	}
74	- strcpy(host, hostname);
75	+ strmcpy(host, hostname, sizeof(host)-1);
76
77	if (host && isdigit((host + strlen(host) - 1)))
78	{
79	@@ -3154,8 +3154,8 @@
80	for (i = 0; i < count; i++)
81	tmp = strchr(tmp, '.') + 1;
82	*tmp = '\0';
83	- strcat(result, host);
84	- strcat(result, "*");
85	+ strmcat(result, host, sizeof(result)-1);
86	+ strmcat(result, "*", sizeof(result)-1);
87	}
88	else
89	{
90	@@ -3177,10 +3177,10 @@
91	else
92	return (char *) NULL;
93	}
94	- strcat(result, "*");
95	+ strmcat(result, "*", sizeof(result)-1);
96	if (my_stricmp(host, temphost))
97	- strcat(result, ".");
98	- strcat(result, host);
99	+ strmcat(result, ".", sizeof(result)-1);
100	+ strmcat(result, host, sizeof(result)-1);
101	}
102	return result;
103	}
104	diff -ru BitchX-old/source/names.c BitchX/source/names.c
105	--- BitchX-old/source/names.c 2002-03-25 22:47:30.000000000 +0200
106	+++ BitchX/source/names.c 2003-03-13 20:10:26.000000000 +0200
107	@@ -572,7 +572,7 @@
108
109	*nmodes = 0;
110	*nargs = 0;
111	- for (; *modes; modes++)
112	+ for (; *modes && strlen(nmodes) < sizeof(nmodes)-2; modes++)
113	{
114	isbanned = isopped = isvoiced = 0;
115	switch (*modes)
116	@@ -742,7 +742,7 @@
117
118	/* modes which can be done multiple times are added here */
119
120	- for (tucm = ucm; tucm; tucm = tucm->next)
121	+ for (tucm = ucm; tucm && strlen(nmodes) < sizeof(nmodes)-2; tucm = tucm->next)
122	{
123	if (tucm->o_ed)
124	{
125	diff -ru BitchX-old/source/notice.c BitchX/source/notice.c
126	--- BitchX-old/source/notice.c 2002-02-28 06:22:50.000000000 +0200
127	+++ BitchX/source/notice.c 2003-03-13 20:07:39.000000000 +0200
128	@@ -422,10 +422,10 @@
129	{
130	char *q = strchr(line, ':');
131	char *port = empty_string;
132	- int conn = !strncmp(line+7, "connect", 7) ? 1 : 0;
133	+ int conn = strlen(line) > 7 && !strncmp(line+7, "connect", 7) ? 1 : 0;
134	int dalnet = 0, ircnet = 0;
135
136	- if (*(line+18) == ':')
137	+ if (strlen(line) > 18 && *(line+18) == ':')
138	q = NULL;
139	else
140	dalnet = (q == NULL);
141	@@ -462,7 +462,7 @@
142	else sscanf(p, "%s was %s from %s", for_, fr, temp);
143
144	q = p;
145	- sprintf(q, "%s@%s", fr, temp);
146	+ snprintf(q, strlen(q)+1, "%s@%s", fr, temp);
147	if (!conn)
148	{
149	port = strstr(temp2, "reason:");
150	diff -ru BitchX-old/source/server.c BitchX/source/server.c
151	--- BitchX-old/source/server.c 2002-03-25 07:21:24.000000000 +0200
152	+++ BitchX/source/server.c 2003-03-13 20:10:00.000000000 +0200
153	@@ -474,11 +474,11 @@
154	}
155	else
156	#endif
157	- junk = dgets(bufptr, des, 1, BIG_BUFFER_SIZE, server_list[i].ssl_fd);
158	+ junk = dgets(bufptr, des, 1, BIG_BUFFER_SIZE/2, server_list[i].ssl_fd);
159	}
160	else
161	#endif
162	- junk = dgets(bufptr, des, 1, BIG_BUFFER_SIZE, NULL);
163	+ junk = dgets(bufptr, des, 1, BIG_BUFFER_SIZE/2, NULL);
164	}
165	switch (junk)
166	{
167	@@ -1741,7 +1741,7 @@
168	default:
169	if (FD_ISSET(des, &rd))
170	{
171	- if (!dgets(buffer, des, 0, BIG_BUFFER_SIZE, NULL))
172	+ if (!dgets(buffer, des, 0, BIG_BUFFER_SIZE/2, NULL))
173	flushing = 0;
174	}
175	break;
176	@@ -1751,7 +1751,7 @@
177	FD_ZERO(&rd);
178	FD_SET(des, &rd);
179	if (new_select(&rd, NULL, &timeout) > 0)
180	- dgets(buffer, des, 1, BIG_BUFFER_SIZE, NULL);
181	+ dgets(buffer, des, 1, BIG_BUFFER_SIZE/2, NULL);
182	}