From 83c7cc45daf6fb1f8c36f15297a4657e45a34e88 Mon Sep 17 00:00:00 2001 From: attilamolnar Date: Sun, 23 Sep 2012 02:51:16 +0200 Subject: Fix undefined behavior caused by referencing the returned buffer by std::string::c_str() when the object is temporary Thanks to @ChrisTX for pointing this out Fixes #257 reported by @helloall --- src/configreader.cpp | 11 +++++++---- src/modules/m_alias.cpp | 3 ++- src/modules/m_httpd.cpp | 2 +- src/modules/m_operlevels.cpp | 7 +++++-- src/modules/m_spanningtree/utils.cpp | 3 ++- src/users.cpp | 6 ++++-- 6 files changed, 21 insertions(+), 11 deletions(-) diff --git a/src/configreader.cpp b/src/configreader.cpp index 37742cc9f..b5db19fa1 100644 --- a/src/configreader.cpp +++ b/src/configreader.cpp @@ -576,22 +576,25 @@ void ServerConfig::Fill() ReadXLine(this, "exception", "host", ServerInstance->XLines->GetFactory("E")); memset(DisabledUModes, 0, sizeof(DisabledUModes)); - for (const unsigned char* p = (const unsigned char*)ConfValue("disabled")->getString("usermodes").c_str(); *p; ++p) + std::string modes = ConfValue("disabled")->getString("usermodes"); + for (std::string::const_iterator p = modes.begin(); p != modes.end(); ++p) { if (*p < 'A' || *p > ('A' + 64)) throw CoreException(std::string("Invalid usermode ")+(char)*p+" was found."); DisabledUModes[*p - 'A'] = 1; } memset(DisabledCModes, 0, sizeof(DisabledCModes)); - for (const unsigned char* p = (const unsigned char*)ConfValue("disabled")->getString("chanmodes").c_str(); *p; ++p) + modes = ConfValue("disabled")->getString("chanmodes"); + for (std::string::const_iterator p = modes.begin(); p != modes.end(); ++p) { if (*p < 'A' || *p > ('A' + 64)) throw CoreException(std::string("Invalid chanmode ")+(char)*p+" was found."); DisabledCModes[*p - 'A'] = 1; } memset(HideModeLists, 0, sizeof(HideModeLists)); - for (const unsigned char* p = (const unsigned char*)ConfValue("security")->getString("hidemodes").c_str(); *p; ++p) - HideModeLists[*p] = true; + modes = ConfValue("security")->getString("hidemodes"); + for (std::string::const_iterator p = modes.begin(); p != modes.end(); ++p) + HideModeLists[(unsigned char) *p] = true; std::string v = security->getString("announceinvites"); diff --git a/src/modules/m_alias.cpp b/src/modules/m_alias.cpp index ec426fe9b..6cb336c83 100644 --- a/src/modules/m_alias.cpp +++ b/src/modules/m_alias.cpp @@ -87,7 +87,8 @@ class ModuleAlias : public Module { ConfigTag* tag = i->second; Alias a; - a.AliasedCommand = tag->getString("text").c_str(); + std::string aliastext = tag->getString("text"); + a.AliasedCommand = aliastext.c_str(); tag->readString("replace", a.ReplaceFormat, true); a.RequiredNick = tag->getString("requires"); a.ULineOnly = tag->getBool("uline"); diff --git a/src/modules/m_httpd.cpp b/src/modules/m_httpd.cpp index 0584e97c5..bf86c9091 100644 --- a/src/modules/m_httpd.cpp +++ b/src/modules/m_httpd.cpp @@ -282,7 +282,7 @@ class HttpServerSocket : public BufferedSocket return; } - if (headers.IsSet("Content-Length") && (postsize = atoi(headers.GetHeader("Content-Length").c_str())) != 0) + if (headers.IsSet("Content-Length") && (postsize = ConvToInt(headers.GetHeader("Content-Length"))) != 0) { InternalState = HTTP_SERVE_RECV_POSTDATA; diff --git a/src/modules/m_operlevels.cpp b/src/modules/m_operlevels.cpp index 7e28f6c21..4fc4c6aef 100644 --- a/src/modules/m_operlevels.cpp +++ b/src/modules/m_operlevels.cpp @@ -42,8 +42,11 @@ class ModuleOperLevels : public Module // oper killing an oper? if (IS_OPER(dest) && IS_OPER(source)) { - long dest_level = atol(dest->oper->getConfig("level").c_str()); - long source_level = atol(source->oper->getConfig("level").c_str()); + std::string level = dest->oper->getConfig("level"); + long dest_level = atol(level.c_str()); + level = source->oper->getConfig("level"); + long source_level = atol(level.c_str()); + if (dest_level > source_level) { if (IS_LOCAL(source)) ServerInstance->SNO->WriteGlobalSno('a', "Oper %s (level %ld) attempted to /kill a higher oper: %s (level %ld): Reason: %s",source->nick.c_str(),source_level,dest->nick.c_str(),dest_level,reason.c_str()); diff --git a/src/modules/m_spanningtree/utils.cpp b/src/modules/m_spanningtree/utils.cpp index 75d4eaca3..11fdeb6cc 100644 --- a/src/modules/m_spanningtree/utils.cpp +++ b/src/modules/m_spanningtree/utils.cpp @@ -374,7 +374,8 @@ void SpanningTreeUtilities::ReadConfiguration() { ConfigTag* tag = i->second; reference L = new Link(tag); - L->Name = tag->getString("name").c_str(); + std::string linkname = tag->getString("name"); + L->Name = linkname.c_str(); L->AllowMask = tag->getString("allowmask"); L->IPAddr = tag->getString("ipaddr"); L->Port = tag->getInt("port"); diff --git a/src/users.cpp b/src/users.cpp index f211f6b49..a4af8914b 100644 --- a/src/users.cpp +++ b/src/users.cpp @@ -633,7 +633,8 @@ void OperInfo::init() AllowedPrivs.insert(mypriv); } - for (unsigned char* c = (unsigned char*)tag->getString("usermodes").c_str(); *c; ++c) + std::string modes = tag->getString("usermodes"); + for (std::string::const_iterator c = modes.begin(); c != modes.end(); ++c) { if (*c == '*') { @@ -645,7 +646,8 @@ void OperInfo::init() } } - for (unsigned char* c = (unsigned char*)tag->getString("chanmodes").c_str(); *c; ++c) + modes = tag->getString("chanmodes"); + for (std::string::const_iterator c = modes.begin(); c != modes.end(); ++c) { if (*c == '*') { -- cgit v1.2.3