SECURITY: Fixed a severe bug in handling JOIN commands, which could

cause the server to crash. Thanks to Sebastian Vesper, <net@veoson.net>.

2 files changed, 12 insertions, 5 deletions

diff --git a/ChangeLog b/ChangeLog
index b1149cea..262b906c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -16,8 +16,13 @@ ngIRCd HEAD
   - Adjust path names in manual pages according to "./configure" settings.
   - Add new server config option to disable automatic connect. (Similar to -p
     option to ngircd, but only for the specified server) (Tassilo Schweyer)
-  - Don't connect to a server if a connection to another server within the same group
-  is in progress.
+  - Don't connect to a server if a connection to another server within the
+    same group is in progress.
+
+ngIRCd 0.10.3 (2007-08-01)
+
+  - SECURITY: Fixed a severe bug in handling JOIN commands, which could
+    cause the server to crash. Thanks to Sebastian Vesper, <net@veoson.net>.
 
 ngIRCd 0.10.2 (2007-06-08)
 
@@ -698,4 +703,4 @@ ngIRCd 0.0.1, 31.12.2001
 
 
 -- 
-$Id: ChangeLog,v 1.319 2007/06/28 15:13:38 fw Exp $
+$Id: ChangeLog,v 1.320 2007/07/31 18:56:13 alex Exp $
diff --git a/src/ngircd/irc-channel.c b/src/ngircd/irc-channel.c
index 7b92c2b0..03204d65 100644
--- a/src/ngircd/irc-channel.c
+++ b/src/ngircd/irc-channel.c
@@ -14,7 +14,7 @@
 
 #include "portab.h"
 
-static char UNUSED id[] = "$Id: irc-channel.c,v 1.39 2006/12/07 17:57:20 fw Exp $";
+static char UNUSED id[] = "$Id: irc-channel.c,v 1.40 2007/07/31 18:56:14 alex Exp $";
 
 #include "imp.h"
 #include <assert.h>
@@ -52,7 +52,9 @@ IRC_JOIN( CLIENT *Client, REQUEST *Req )
 	assert( Req != NULL );
 
 	/* Bad number of arguments? */
-	if(( Req->argc > 2 )) return IRC_WriteStrClient( Client, ERR_NEEDMOREPARAMS_MSG, Client_ID( Client ), Req->command );
+	if (Req->argc < 1 || Req->argc > 2)
+		return IRC_WriteStrClient(Client, ERR_NEEDMOREPARAMS_MSG,
+					  Client_ID(Client), Req->command);
 
 	/* Who is the sender? */
 	if( Client_Type( Client ) == CLIENT_SERVER ) target = Client_Search( Req->prefix );