authorAlexander Barton <alex@barton.de>2008-05-30 14:49:56 +0200
committerAlexander Barton <alex@barton.de>2008-05-30 14:58:25 +0200
commit8644cbf197807909e4caea184278872cdeca1963 (patch)
tree68f82dcf709b592babcc7aff8ac54d25b8cf62a4 /src
parent4c121f277da634d62a382457eb1df354cfb77b9b (diff)
Don't allow stray \r or \n in command parameters
If ngircd receives an input line like "COMMAND arg\nIRRELEVANT\r\n",
"arg\nIRRELEVANT" is passed as an argument to COMMAND. This can lead
to output like:

:ngircd.test.server 322 nick #chan 1 :
topicwithprecedingnewline
:ngircd.test.server 322 nick #nxtchan 1 :
[..]

Worse, this allows clients to piggyback irc commands, e.g.
"TOPIC #a :test\n:fake!~a@nonexistant JOIN :#a\r\n", which
causes the client to receive a JOIN command during /LIST output.

Bug reported by Scott Perry, first patch by Florian Westphal.
Diffstat (limited to 'src')
-rw-r--r--src/ngircd/parse.c20
1 files changed, 15 insertions, 5 deletions
diff --git a/src/ngircd/parse.c b/src/ngircd/parse.c
index ef2dbbba..00ae3cd7 100644
--- a/src/ngircd/parse.c
+++ b/src/ngircd/parse.c
@@ -1,6 +1,6 @@
 /*
  * ngIRCd -- The Next Generation IRC Daemon
- * Copyright (c)2001,2002 by Alexander Barton (alex@barton.de)
+ * Copyright (c)2001-2008 Alexander Barton (alex@barton.de)
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -9,11 +9,8 @@
  * Please read the file COPYING, README and AUTHORS for more information.
  */
 
-
 #include "portab.h"
 
-static char UNUSED id[] = "$Id: parse.c,v 1.72 2008/02/17 13:26:42 alex Exp $";
-
 /**
  * @file
  * IRC command parser and validator.
@@ -341,12 +338,25 @@ Validate_Command( UNUSED CONN_ID Idx, UNUSED REQUEST *Req, bool *Closed )
 
 
 static bool
-Validate_Args( UNUSED CONN_ID Idx, UNUSED REQUEST *Req, bool *Closed )
+Validate_Args(CONN_ID Idx, REQUEST *Req, bool *Closed)
 {
+	int i;
+
 	assert( Idx >= 0 );
 	assert( Req != NULL );
 	*Closed = false;
 
+	for (i = 0; i < Req->argc; i++) {
+		if (strchr(Req->argv[i], '\r') || strchr(Req->argv[i], '\n')) {
+			Log(LOG_ERR,
+			    "Invalid character(s) in parameter (connection %d, command %s)!?",
+			    Idx, Req->command);
+			if (!Conn_WriteStr(Idx,
+					   "ERROR :Invalid character(s) in parameter!"))
+				*Closed = true;
+			return false;
+		}
+	}
 	return true;
 } /* Validate_Args */
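Review bot: The new loop in Validate_Args scans only `Req->argv[i]`, so a stray \r or \n in `Req->command` or `Req->prefix` is not rejected here; the Validate_Command signature in the hunk header still marks `Req` as UNUSED, which suggests the command token is not inspected there either (its body is outside the hunk, so this needs confirming). The same `Req->command` is written to the log with `%s` in the added Log() call, so an embedded line break there would split the log entry. Consider applying the same test to the prefix and command, or rejecting such lines once before they are split into tokens. As a small simplification, the two strchr() calls can be one: `if (strpbrk(Req->argv[i], "\r\n")) {`.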