summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorbrain <brain@e03df62e-2008-0410-955e-edbf42e46eb7>2006-09-25 21:58:32 +0000
committerbrain <brain@e03df62e-2008-0410-955e-edbf42e46eb7>2006-09-25 21:58:32 +0000
commit24dfb05a8681591aaeaf852214c6c268bb40ed3e (patch)
tree6613c07d9944771f821d1a5e2ff3f4d6e0eb3f5d /src
parent807af44602e002ef41087131a99fa400d1ca737f (diff)
Mini security audit
git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@5333 e03df62e-2008-0410-955e-edbf42e46eb7
Diffstat (limited to 'src')
-rw-r--r--src/channels.cpp4
-rw-r--r--src/cmd_modules.cpp2
-rw-r--r--src/command_parse.cpp2
-rw-r--r--src/modules/extra/m_pgsql.cpp2
-rw-r--r--src/modules/m_check.cpp6
-rw-r--r--src/modules/m_opermd5.cpp20
-rw-r--r--src/modules/m_randquote.cpp8
-rw-r--r--src/modules/m_tline.cpp2
8 files changed, 19 insertions, 27 deletions
diff --git a/src/channels.cpp b/src/channels.cpp
index 28052de98..3e4f995ae 100644
--- a/src/channels.cpp
+++ b/src/channels.cpp
@@ -304,7 +304,7 @@ chanrec* chanrec::JoinUser(InspIRCd* Instance, userrec *user, const char* cn, bo
MOD_RESULT = 0;
FOREACH_RESULT_I(Instance,I_OnCheckBan,OnCheckBan(user, Ptr));
char mask[MAXBUF];
- sprintf(mask,"%s!%s@%s",user->nick, user->ident, user->GetIPString());
+ snprintf(mask, MAXBUF, "%s!%s@%s",user->nick, user->ident, user->GetIPString());
if (!MOD_RESULT)
{
if (Ptr->IsBanned(user))
@@ -443,7 +443,7 @@ chanrec* chanrec::ForceChan(InspIRCd* Instance, chanrec* Ptr,ucrec *a,userrec* u
bool chanrec::IsBanned(userrec* user)
{
char mask[MAXBUF];
- sprintf(mask,"%s!%s@%s",user->nick, user->ident, user->GetIPString());
+ snprintf(mask, MAXBUF, "%s!%s@%s", user->nick, user->ident, user->GetIPString());
for (BanList::iterator i = this->bans.begin(); i != this->bans.end(); i++)
{
/* This allows CIDR ban matching
diff --git a/src/cmd_modules.cpp b/src/cmd_modules.cpp
index 22e3a32bb..3e7f63399 100644
--- a/src/cmd_modules.cpp
+++ b/src/cmd_modules.cpp
@@ -82,7 +82,7 @@ CmdResult cmd_modules::Handle (const char** parameters, int pcnt, userrec *user)
if (ServerInstance->Config->implement_lists[i][it])
{
snprintf(data,MAXBUF,"%s=>%c ",itab[it],(ServerInstance->Config->implement_lists[i][it] ? '1' : '0'));
- strncat(dlist,data,MAXBUF);
+ strlcat(dlist,data,MAXBUF);
}
it++;
}
diff --git a/src/command_parse.cpp b/src/command_parse.cpp
index 881e1abc7..8722a2145 100644
--- a/src/command_parse.cpp
+++ b/src/command_parse.cpp
@@ -518,7 +518,7 @@ bool CommandParser::ReloadCommand(const char* cmd)
dlclose(command->second);
RFCCommands.erase(command);
- sprintf(filename, "cmd_%s.so", commandname);
+ snprintf(filename, MAXBUF, "cmd_%s.so", commandname);
this->LoadCommand(filename);
return true;
diff --git a/src/modules/extra/m_pgsql.cpp b/src/modules/extra/m_pgsql.cpp
index ed068fdf1..103c9edfc 100644
--- a/src/modules/extra/m_pgsql.cpp
+++ b/src/modules/extra/m_pgsql.cpp
@@ -523,7 +523,7 @@ public:
sqlsuccess = new char[strlen(SQLSUCCESS)+1];
- strcpy(sqlsuccess, SQLSUCCESS);
+ strlcpy(sqlsuccess, SQLSUCCESS, strlen(SQLSUCCESS)+1);
OnRehash("");
}
diff --git a/src/modules/m_check.cpp b/src/modules/m_check.cpp
index 86bc9cef5..17ed26e3a 100644
--- a/src/modules/m_check.cpp
+++ b/src/modules/m_check.cpp
@@ -127,7 +127,7 @@ class cmd_check : public command_t
* find how many connections from this user's IP -- unlike Asuka,
* I define a clone as coming from the same host. --w00t
*/
- sprintf(ptr, "%lu ", i->second->GlobalCloneCount());
+ snprintf(ptr, MAXBUF, "%lu ", i->second->GlobalCloneCount());
if (flags & UCMODE_OP)
{
@@ -144,8 +144,8 @@ class cmd_check : public command_t
strcat(ptr, "+");
}
- sprintf(tmpbuf, "%s (%s@%s) %s ", i->second->nick, i->second->ident, i->second->dhost, i->second->fullname);
- strcat(ptr, tmpbuf);
+ snprintf(tmpbuf, MAXBUF, "%s (%s@%s) %s ", i->second->nick, i->second->ident, i->second->dhost, i->second->fullname);
+ strlcat(ptr, tmpbuf, MAXBUF);
user->WriteServ(checkstr + " member " + ptr);
}
diff --git a/src/modules/m_opermd5.cpp b/src/modules/m_opermd5.cpp
index 1e085deae..57eb2c5ef 100644
--- a/src/modules/m_opermd5.cpp
+++ b/src/modules/m_opermd5.cpp
@@ -252,23 +252,17 @@ void MyMD5(void *dest, void *orig, int len)
void GenHash(const char* src, char* dest)
{
- int i = 0;
unsigned char bytes[16];
- char hash[1024];
- *hash = 0;
+ const char* xtab = "0123456789abcdef";
+
MyMD5((char*)bytes,(void*)src,strlen(src));
- for (i = 0; i < 16; i++)
+
+ for (int i = 0; i < 16; i++)
{
- const char* xtab = "0123456789abcdef";
- unsigned char lo = xtab[bytes[i] % 16];
- unsigned char hi = xtab[bytes[i] / 16];
- char hx[3];
- hx[0] = hi;
- hx[1] = lo;
- hx[2] = '\0';
- strcat(hash,hx);
+ *dest++ = xtab[bytes[i] % 16];
+ *dest++ = xtab[bytes[i] / 16];
}
- strcpy(dest,hash);
+ *dest++ = 0;
}
/** Handle /MKPASSWD
diff --git a/src/modules/m_randquote.cpp b/src/modules/m_randquote.cpp
index 46af34f63..b68eb5aa5 100644
--- a/src/modules/m_randquote.cpp
+++ b/src/modules/m_randquote.cpp
@@ -43,18 +43,16 @@ class cmd_randquote : public command_t
{
std::string str;
int fsize;
- char buf[MAXBUF];
+
if (q_file == "" || quotes->Exists())
{
fsize = quotes->FileSize();
str = quotes->GetLine(rand() % fsize);
- sprintf(buf,"NOTICE %s :%s%s%s",user->nick,prefix.c_str(),str.c_str(),suffix.c_str());
- user->WriteServ(std::string(buf));
+ user->WriteServ("NOTICE %s :%s%s%s",user->nick,prefix.c_str(),str.c_str(),suffix.c_str());
}
else
{
- sprintf(buf, "NOTICE %s :Your administrator specified an invalid quotes file, please bug them about this.", user->nick);
- user->WriteServ(std::string(buf));
+ user->WriteServ("NOTICE %s :Your administrator specified an invalid quotes file, please bug them about this.", user->nick);
return CMD_FAILURE;
}
return CMD_SUCCESS;
diff --git a/src/modules/m_tline.cpp b/src/modules/m_tline.cpp
index ccb560428..bde4737a7 100644
--- a/src/modules/m_tline.cpp
+++ b/src/modules/m_tline.cpp
@@ -57,7 +57,7 @@ class cmd_tline : public command_t
else
{
char host[MAXBUF];
- sprintf(host, "%s@%s", u->second->ident, u->second->GetIPString());
+ snprintf(host, MAXBUF, "%s@%s", u->second->ident, u->second->GetIPString());
if (match(host, parameters[0], true))
{
n_matched++;