summaryrefslogtreecommitdiff
path: root/src/modules
diff options
context:
space:
mode:
authorbrain <brain@e03df62e-2008-0410-955e-edbf42e46eb7>2006-09-25 21:58:32 +0000
committerbrain <brain@e03df62e-2008-0410-955e-edbf42e46eb7>2006-09-25 21:58:32 +0000
commit24dfb05a8681591aaeaf852214c6c268bb40ed3e (patch)
tree6613c07d9944771f821d1a5e2ff3f4d6e0eb3f5d /src/modules
parent807af44602e002ef41087131a99fa400d1ca737f (diff)
Mini security audit
git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@5333 e03df62e-2008-0410-955e-edbf42e46eb7
Diffstat (limited to 'src/modules')
-rw-r--r--src/modules/extra/m_pgsql.cpp2
-rw-r--r--src/modules/m_check.cpp6
-rw-r--r--src/modules/m_opermd5.cpp20
-rw-r--r--src/modules/m_randquote.cpp8
-rw-r--r--src/modules/m_tline.cpp2
5 files changed, 15 insertions, 23 deletions
diff --git a/src/modules/extra/m_pgsql.cpp b/src/modules/extra/m_pgsql.cpp
index ed068fdf1..103c9edfc 100644
--- a/src/modules/extra/m_pgsql.cpp
+++ b/src/modules/extra/m_pgsql.cpp
@@ -523,7 +523,7 @@ public:
sqlsuccess = new char[strlen(SQLSUCCESS)+1];
- strcpy(sqlsuccess, SQLSUCCESS);
+ strlcpy(sqlsuccess, SQLSUCCESS, strlen(SQLSUCCESS)+1);
OnRehash("");
}
diff --git a/src/modules/m_check.cpp b/src/modules/m_check.cpp
index 86bc9cef5..17ed26e3a 100644
--- a/src/modules/m_check.cpp
+++ b/src/modules/m_check.cpp
@@ -127,7 +127,7 @@ class cmd_check : public command_t
* find how many connections from this user's IP -- unlike Asuka,
* I define a clone as coming from the same host. --w00t
*/
- sprintf(ptr, "%lu ", i->second->GlobalCloneCount());
+ snprintf(ptr, MAXBUF, "%lu ", i->second->GlobalCloneCount());
if (flags & UCMODE_OP)
{
@@ -144,8 +144,8 @@ class cmd_check : public command_t
strcat(ptr, "+");
}
- sprintf(tmpbuf, "%s (%s@%s) %s ", i->second->nick, i->second->ident, i->second->dhost, i->second->fullname);
- strcat(ptr, tmpbuf);
+ snprintf(tmpbuf, MAXBUF, "%s (%s@%s) %s ", i->second->nick, i->second->ident, i->second->dhost, i->second->fullname);
+ strlcat(ptr, tmpbuf, MAXBUF);
user->WriteServ(checkstr + " member " + ptr);
}
diff --git a/src/modules/m_opermd5.cpp b/src/modules/m_opermd5.cpp
index 1e085deae..57eb2c5ef 100644
--- a/src/modules/m_opermd5.cpp
+++ b/src/modules/m_opermd5.cpp
@@ -252,23 +252,17 @@ void MyMD5(void *dest, void *orig, int len)
void GenHash(const char* src, char* dest)
{
- int i = 0;
unsigned char bytes[16];
- char hash[1024];
- *hash = 0;
+ const char* xtab = "0123456789abcdef";
+
MyMD5((char*)bytes,(void*)src,strlen(src));
- for (i = 0; i < 16; i++)
+
+ for (int i = 0; i < 16; i++)
{
- const char* xtab = "0123456789abcdef";
- unsigned char lo = xtab[bytes[i] % 16];
- unsigned char hi = xtab[bytes[i] / 16];
- char hx[3];
- hx[0] = hi;
- hx[1] = lo;
- hx[2] = '\0';
- strcat(hash,hx);
+ *dest++ = xtab[bytes[i] % 16];
+ *dest++ = xtab[bytes[i] / 16];
}
- strcpy(dest,hash);
+ *dest++ = 0;
}
/** Handle /MKPASSWD
diff --git a/src/modules/m_randquote.cpp b/src/modules/m_randquote.cpp
index 46af34f63..b68eb5aa5 100644
--- a/src/modules/m_randquote.cpp
+++ b/src/modules/m_randquote.cpp
@@ -43,18 +43,16 @@ class cmd_randquote : public command_t
{
std::string str;
int fsize;
- char buf[MAXBUF];
+
if (q_file == "" || quotes->Exists())
{
fsize = quotes->FileSize();
str = quotes->GetLine(rand() % fsize);
- sprintf(buf,"NOTICE %s :%s%s%s",user->nick,prefix.c_str(),str.c_str(),suffix.c_str());
- user->WriteServ(std::string(buf));
+ user->WriteServ("NOTICE %s :%s%s%s",user->nick,prefix.c_str(),str.c_str(),suffix.c_str());
}
else
{
- sprintf(buf, "NOTICE %s :Your administrator specified an invalid quotes file, please bug them about this.", user->nick);
- user->WriteServ(std::string(buf));
+ user->WriteServ("NOTICE %s :Your administrator specified an invalid quotes file, please bug them about this.", user->nick);
return CMD_FAILURE;
}
return CMD_SUCCESS;
diff --git a/src/modules/m_tline.cpp b/src/modules/m_tline.cpp
index ccb560428..bde4737a7 100644
--- a/src/modules/m_tline.cpp
+++ b/src/modules/m_tline.cpp
@@ -57,7 +57,7 @@ class cmd_tline : public command_t
else
{
char host[MAXBUF];
- sprintf(host, "%s@%s", u->second->ident, u->second->GetIPString());
+ snprintf(host, MAXBUF, "%s@%s", u->second->ident, u->second->GetIPString());
if (match(host, parameters[0], true))
{
n_matched++;