From 24dfb05a8681591aaeaf852214c6c268bb40ed3e Mon Sep 17 00:00:00 2001
From: brain
Date: Mon, 25 Sep 2006 21:58:32 +0000
Subject: Mini security audit
git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@5333 e03df62e-2008-0410-955e-edbf42e46eb7
---
 src/channels.cpp | 4 ++--
 src/cmd_modules.cpp | 2 +-
 src/command_parse.cpp | 2 +-
 src/modules/extra/m_pgsql.cpp | 2 +-
 src/modules/m_check.cpp | 6 +++---
 src/modules/m_opermd5.cpp | 20 +++++++-------------
 src/modules/m_randquote.cpp | 8 +++-----
 src/modules/m_tline.cpp | 2 +-
 8 files changed, 19 insertions(+), 27 deletions(-)
diff --git a/src/channels.cpp b/src/channels.cpp
index 28052de98..3e4f995ae 100644
--- a/src/channels.cpp
+++ b/src/channels.cpp
@@ -304,7 +304,7 @@ chanrec* chanrec::JoinUser(InspIRCd* Instance, userrec *user, const char* cn, bo
 MOD_RESULT = 0;
 FOREACH_RESULT_I(Instance,I_OnCheckBan,OnCheckBan(user, Ptr));
 char mask[MAXBUF];
- sprintf(mask,"%s!%s@%s",user->nick, user->ident, user->GetIPString());
+ snprintf(mask, MAXBUF, "%s!%s@%s",user->nick, user->ident, user->GetIPString());
 if (!MOD_RESULT)
 {
 if (Ptr->IsBanned(user))
@@ -443,7 +443,7 @@ chanrec* chanrec::ForceChan(InspIRCd* Instance, chanrec* Ptr,ucrec *a,userrec* u
 bool chanrec::IsBanned(userrec* user)
 {
 char mask[MAXBUF];
- sprintf(mask,"%s!%s@%s",user->nick, user->ident, user->GetIPString());
+ snprintf(mask, MAXBUF, "%s!%s@%s", user->nick, user->ident, user->GetIPString());
 for (BanList::iterator i = this->bans.begin(); i != this->bans.end(); i++)
 {
 /* This allows CIDR ban matching
diff --git a/src/cmd_modules.cpp b/src/cmd_modules.cpp
index 22e3a32bb..3e7f63399 100644
--- a/src/cmd_modules.cpp
+++ b/src/cmd_modules.cpp
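Review bot: In `chanrec::JoinUser` (src/channels.cpp) the new `snprintf` bound is the `MAXBUF` constant rather than the size of the destination, so the call stays correct only as long as nobody changes `char mask[MAXBUF];` on the line above it; `snprintf(mask, sizeof(mask), "%s!%s@%s", user->nick, user->ident, user->GetIPString());` ties the two together. The same form fits the `mask` buffer in `chanrec::IsBanned` in the second hunk and the `host` buffer in src/modules/m_tline.cpp. The return value is discarded in all three places, so an over-long mask would be truncated and then matched against the ban list without any sign of it; nick, ident and IP string are presumably far shorter than MAXBUF, but their limits are not visible in these hunks. Both functions continue outside their hunks.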
@@ -82,7 +82,7 @@ CmdResult cmd_modules::Handle (const char** parameters, int pcnt, userrec *user)
 if (ServerInstance->Config->implement_lists[i][it])
 {
 snprintf(data,MAXBUF,"%s=>%c ",itab[it],(ServerInstance->Config->implement_lists[i][it] ? '1' : '0'));
- strncat(dlist,data,MAXBUF);
+ strlcat(dlist,data,MAXBUF);
 }
 it++;
 }
diff --git a/src/command_parse.cpp b/src/command_parse.cpp
index 881e1abc7..8722a2145 100644
--- a/src/command_parse.cpp
+++ b/src/command_parse.cpp
@@ -518,7 +518,7 @@ bool CommandParser::ReloadCommand(const char* cmd)
 dlclose(command->second);
 RFCCommands.erase(command);
- sprintf(filename, "cmd_%s.so", commandname);
+ snprintf(filename, MAXBUF, "cmd_%s.so", commandname);
 this->LoadCommand(filename);
 return true;
diff --git a/src/modules/extra/m_pgsql.cpp b/src/modules/extra/m_pgsql.cpp
index ed068fdf1..103c9edfc 100644
--- a/src/modules/extra/m_pgsql.cpp
+++ b/src/modules/extra/m_pgsql.cpp
@@ -523,7 +523,7 @@ public:
 sqlsuccess = new char[strlen(SQLSUCCESS)+1];
- strcpy(sqlsuccess, SQLSUCCESS);
+ strlcpy(sqlsuccess, SQLSUCCESS, strlen(SQLSUCCESS)+1);
 OnRehash("");
 }
diff --git a/src/modules/m_check.cpp b/src/modules/m_check.cpp
index 86bc9cef5..17ed26e3a 100644
--- a/src/modules/m_check.cpp
+++ b/src/modules/m_check.cpp
@@ -127,7 +127,7 @@ class cmd_check : public command_t
 * find how many connections from this user's IP -- unlike Asuka,
 * I define a clone as coming from the same host. --w00t
 */
- sprintf(ptr, "%lu ", i->second->GlobalCloneCount());
+ snprintf(ptr, MAXBUF, "%lu ", i->second->GlobalCloneCount());
 if (flags & UCMODE_OP)
 {
@@ -144,8 +144,8 @@ class cmd_check : public command_t
 strcat(ptr, "+");
 }
- sprintf(tmpbuf, "%s (%s@%s) %s ", i->second->nick, i->second->ident, i->second->dhost, i->second->fullname);
- strcat(ptr, tmpbuf);
+ snprintf(tmpbuf, MAXBUF, "%s (%s@%s) %s ", i->second->nick, i->second->ident, i->second->dhost, i->second->fullname);
+ strlcat(ptr, tmpbuf, MAXBUF);
 user->WriteServ(checkstr + " member " + ptr);
 }
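Review bot: In `cmd_modules::Handle` (src/cmd_modules.cpp) `strlcat(dlist,data,MAXBUF)` is bounded correctly only if `dlist` is at least MAXBUF bytes and already holds a NUL-terminated string when the inner loop starts, and neither its declaration nor its initialisation is inside this hunk. If `dlist` is a local array, `strlcat(dlist, data, sizeof(dlist));` removes the first assumption. The result is not checked, so a long implement list is cut short silently; a comment such as `/* output is truncated at the buffer size; the list is informational */` would record that this is accepted. The function body starts and ends outside the hunk.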
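Review bot: In `CommandParser::ReloadCommand` (src/command_parse.cpp) the old command has already been passed to `dlclose` and erased from `RFCCommands` by the time the file name is built, and the function then returns `true` whatever `LoadCommand` does, so a failed reload leaves the command missing while reporting success. If `LoadCommand` reports failure (its signature is not visible here), the tail could become `return this->LoadCommand(filename);`. The new `snprintf` also discards its result; a truncated name would be handed to the loader as a different file name, so comparing the return value with `MAXBUF` before loading is worth the extra line. The declarations of `filename` and `commandname` are outside the hunk.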
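Review bot: In the constructor body shown for src/modules/extra/m_pgsql.cpp the `strlcpy` bound is recomputed from the source string, `strlen(SQLSUCCESS)+1`, so it can never be smaller than what is copied and the call behaves like the `strcpy` it replaces, with a second `strlen` added. Computing the size once makes the allocation and the copy visibly share one length: `const size_t len = strlen(SQLSUCCESS) + 1;`, `sqlsuccess = new char[len];`, `memcpy(sqlsuccess, SQLSUCCESS, len);`. The constructor's signature is outside the hunk.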
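Review bot: In the second hunk of src/modules/m_check.cpp the context line `strcat(ptr, "+");` directly above the change is still unbounded, while the appends below it were converted; `strlcat(ptr, "+", MAXBUF);` would make the whole sequence consistent. Every bound here, including the `snprintf(ptr, MAXBUF, ...)` in the first hunk, assumes `ptr` and `tmpbuf` are MAXBUF-byte arrays, and their declarations are outside both hunks. `tmpbuf` is filled from nick, ident, host and `fullname`, which presumably originate from the user being checked, and both the `snprintf` and the `strlcat` truncate silently; if a cut-off line in the /CHECK output is acceptable, a short comment saying so would help the next reader.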
diff --git a/src/modules/m_opermd5.cpp b/src/modules/m_opermd5.cpp
index 1e085deae..57eb2c5ef 100644
--- a/src/modules/m_opermd5.cpp
+++ b/src/modules/m_opermd5.cpp
@@ -252,23 +252,17 @@ void MyMD5(void *dest, void *orig, int len)
 void GenHash(const char* src, char* dest)
 {
- int i = 0;
 unsigned char bytes[16];
- char hash[1024];
- *hash = 0;
+ const char* xtab = "0123456789abcdef";
+
 MyMD5((char*)bytes,(void*)src,strlen(src));
- for (i = 0; i < 16; i++)
+
+ for (int i = 0; i < 16; i++)
 {
- const char* xtab = "0123456789abcdef";
- unsigned char lo = xtab[bytes[i] % 16];
- unsigned char hi = xtab[bytes[i] / 16];
- char hx[3];
- hx[0] = hi;
- hx[1] = lo;
- hx[2] = '\0';
- strcat(hash,hx);
+ *dest++ = xtab[bytes[i] % 16];
+ *dest++ = xtab[bytes[i] / 16];
 }
- strcpy(dest,hash);
+ *dest++ = 0;
 }
 /** Handle /MKPASSWD
diff --git a/src/modules/m_randquote.cpp b/src/modules/m_randquote.cpp
index 46af34f63..b68eb5aa5 100644
--- a/src/modules/m_randquote.cpp
+++ b/src/modules/m_randquote.cpp
@@ -43,18 +43,16 @@ class cmd_randquote : public command_t
 {
 std::string str;
 int fsize;
- char buf[MAXBUF];
+
 if (q_file == "" || quotes->Exists())
 {
 fsize = quotes->FileSize();
 str = quotes->GetLine(rand() % fsize);
- sprintf(buf,"NOTICE %s :%s%s%s",user->nick,prefix.c_str(),str.c_str(),suffix.c_str());
- user->WriteServ(std::string(buf));
+ user->WriteServ("NOTICE %s :%s%s%s",user->nick,prefix.c_str(),str.c_str(),suffix.c_str());
 }
 else
 {
- sprintf(buf, "NOTICE %s :Your administrator specified an invalid quotes file, please bug them about this.", user->nick);
- user->WriteServ(std::string(buf));
+ user->WriteServ("NOTICE %s :Your administrator specified an invalid quotes file, please bug them about this.", user->nick);
 return CMD_FAILURE;
 }
 return CMD_SUCCESS;
diff --git a/src/modules/m_tline.cpp b/src/modules/m_tline.cpp
index ccb560428..bde4737a7 100644
--- a/src/modules/m_tline.cpp
+++ b/src/modules/m_tline.cpp
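Review bot: The rewritten loop in `GenHash` (src/modules/m_opermd5.cpp) emits the low nibble before the high nibble, whereas the removed code stored `hx[0] = hi; hx[1] = lo;`, so every byte of the digest is now printed with its two hex digits swapped. The resulting strings no longer match standard MD5 hex output or the output of the previous version, which presumably means oper password hashes already stored in the configuration stop matching. Swapping the two stores restores the old order: `*dest++ = xtab[bytes[i] / 16];` followed by `*dest++ = xtab[bytes[i] % 16];`. Because `dest` is now written directly, the function should also carry a comment that the caller must supply at least 33 bytes (32 hex digits plus the terminator).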
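Review bot: In the `cmd_randquote` handler (src/modules/m_randquote.cpp) the context line `str = quotes->GetLine(rand() % fsize);` divides by `fsize` without checking it, and the commit leaves that as it was. If `FileSize()` can return 0 for an empty or unreadable quotes file (its definition is not visible here), the modulo is undefined behaviour and typically terminates the process. A guard before the call, `if (fsize <= 0) return CMD_FAILURE;`, would close that. The switch to the formatting `WriteServ` overload keeps the quote text as an argument rather than as the format string, which is the right way round; where that overload truncates is not visible in this hunk, and the handler's signature is outside it.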
@@ -57,7 +57,7 @@ class cmd_tline : public command_t
 else
 {
 char host[MAXBUF];
- sprintf(host, "%s@%s", u->second->ident, u->second->GetIPString());
+ snprintf(host, MAXBUF, "%s@%s", u->second->ident, u->second->GetIPString());
 if (match(host, parameters[0], true))
 {
 n_matched++;
--
cgit v1.2.3