Made on IRCNow

Commit Diff

Commit:: d986cd372f2a1eb2ef6b38c00f13e588eb274e97
From:: Florian Westphal <fw@strlen.de>
Date:: Mon Jan 7 11:42:13 2008 UTC
Message:: IRC_PART could reference invalid memory.
Actions:: Patch | Tree
commit - 762aec0e08778a2b055f9ac27cf9702023730e34
commit + d986cd372f2a1eb2ef6b38c00f13e588eb274e97
blob - d535e7b193257b9f7e054238575345a42cf5d666
blob + a0ca03b3f343f6f211037df76b3244bee9c1db5f
--- ChangeLog
+++ ChangeLog
@@ -12,6 +12,8 @@
 
 ngIRCd 0.11.0-pre1 (2008-01-02)
 
+  - SECURITY: IRC_PART could reference invalid memory, causing
+    ngircd to crash [from HEAD].
   - Use dotted-decimal IP address if hostname is >= 64.
   - Add support for /STAT u (server uptime) command.
   - New [Server] configuration Option "Bind" allows to specify
@@ -724,4 +726,4 @@ ngIRCd 0.0.1, 31.12.2001
 
 
 -- 
-$Id: ChangeLog,v 1.332.2.2 2008/01/02 21:39:59 alex Exp $
+$Id: ChangeLog,v 1.332.2.3 2008/01/07 11:42:13 fw Exp $
blob - 03204d653af7072258b7844c29978f8087b902b6
blob + 39ef83d383a98ce6430d13631149c7e85c3b513d
--- src/ngircd/irc-channel.c
+++ src/ngircd/irc-channel.c
@@ -14,7 +14,7 @@
 
 #include "portab.h"
 
-static char UNUSED id[] = "$Id: irc-channel.c,v 1.40 2007/07/31 18:56:14 alex Exp $";
+static char UNUSED id[] = "$Id: irc-channel.c,v 1.40.2.1 2008/01/07 11:42:14 fw Exp $";
 
 #include "imp.h"
 #include <assert.h>
@@ -269,8 +269,9 @@ IRC_PART( CLIENT *Client, REQUEST *Req )
 	assert( Client != NULL );
 	assert( Req != NULL );
 
-	/* Falsche Anzahl Parameter? */
-	if(( Req->argc > 2 )) return IRC_WriteStrClient( Client, ERR_NEEDMOREPARAMS_MSG, Client_ID( Client ), Req->command );
+	if (Req->argc < 1 || Req->argc > 2)
+		return IRC_WriteStrClient(Client, ERR_NEEDMOREPARAMS_MSG,
+					Client_ID(Client), Req->command);
 
 	/* Wer ist der Absender? */
 	if( Client_Type( Client ) == CLIENT_SERVER ) target = Client_Search( Req->prefix );
@@ -278,18 +279,11 @@ IRC_PART( CLIENT *Client, REQUEST *Req )
 	if( ! target ) return IRC_WriteStrClient( Client, ERR_NOSUCHNICK_MSG, Client_ID( Client ), Req->prefix );
 
 	/* Channel-Namen durchgehen */
-	chan = strtok( Req->argv[0], "," );
-	while( chan )
-	{
-		if( ! Channel_Part( target, Client, chan, Req->argc > 1 ? Req->argv[1] : Client_ID( target )))
-		{
-			/* naechsten Namen ermitteln */
-			chan = strtok( NULL, "," );
-			continue;
-		}
+	chan = strtok(Req->argv[0], ",");
+	while (chan) {
+		Channel_Part(target, Client, chan, Req->argc > 1 ? Req->argv[1] : Client_ID(target));
 
-		/* naechsten Namen ermitteln */
-		chan = strtok( NULL, "," );
+		chan = strtok(NULL, ",");
 	}
 	return CONNECTED;
 } /* IRC_PART */