From f84476cf87b1740ddbd7b3d829f417c51c7bd039 Mon Sep 17 00:00:00 2001 From: Diogo Sousa Date: Sat, 8 Jun 2013 02:56:36 +0100 Subject: [PATCH 1/2] Fixed possible overflow in create_mask(). --- src/common/outbound.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/src/common/outbound.c b/src/common/outbound.c index 1e90016e..84240a47 100644 --- a/src/common/outbound.c +++ b/src/common/outbound.c @@ -487,19 +487,19 @@ create_mask (session * sess, char *mask, char *mode, char *typestr, int deop) switch (type) { case 0: - snprintf (tbuf, TBUFSIZE, "%s%s *!*@%s.*", mode, p2, domain); + snprintf (tbuf, sizeof (tbuf), "%s%s *!*@%s.*", mode, p2, domain); break; case 1: - snprintf (tbuf, TBUFSIZE, "%s%s *!*@%s", mode, p2, fullhost); + snprintf (tbuf, sizeof (tbuf), "%s%s *!*@%s", mode, p2, fullhost); break; case 2: - snprintf (tbuf, TBUFSIZE, "%s%s *!%s@%s.*", mode, p2, username, domain); + snprintf (tbuf, sizeof (tbuf), "%s%s *!%s@%s.*", mode, p2, username, domain); break; case 3: - snprintf (tbuf, TBUFSIZE, "%s%s *!%s@%s", mode, p2, username, fullhost); + snprintf (tbuf, sizeof (tbuf), "%s%s *!%s@%s", mode, p2, username, fullhost); break; } } else @@ -507,26 +507,26 @@ create_mask (session * sess, char *mask, char *mode, char *typestr, int deop) switch (type) { case 0: - snprintf (tbuf, TBUFSIZE, "%s%s *!*@*%s", mode, p2, domain); + snprintf (tbuf, sizeof (tbuf), "%s%s *!*@*%s", mode, p2, domain); break; case 1: - snprintf (tbuf, TBUFSIZE, "%s%s *!*@%s", mode, p2, fullhost); + snprintf (tbuf, sizeof (tbuf), "%s%s *!*@%s", mode, p2, fullhost); break; case 2: - snprintf (tbuf, TBUFSIZE, "%s%s *!%s@*%s", mode, p2, username, domain); + snprintf (tbuf, sizeof (tbuf), "%s%s *!%s@*%s", mode, p2, username, domain); break; case 3: - snprintf (tbuf, TBUFSIZE, "%s%s *!%s@%s", mode, p2, username, fullhost); + snprintf (tbuf, sizeof (tbuf), "%s%s *!%s@%s", mode, p2, username, fullhost); break; } } } else { - snprintf (tbuf, TBUFSIZE, "%s %s", mode, mask); + snprintf (tbuf, sizeof (tbuf), "%s %s", mode, mask); } return g_strdup (tbuf); From 97e88b885a167c8e8b56d200f7b1c692dd20c838 Mon Sep 17 00:00:00 2001 From: Diogo Sousa Date: Sat, 8 Jun 2013 03:01:36 +0100 Subject: [PATCH 2/2] Renamed tbuf to buf in create_mask() to avoid confusion. --- src/common/outbound.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/src/common/outbound.c b/src/common/outbound.c index 84240a47..120bb241 100644 --- a/src/common/outbound.c +++ b/src/common/outbound.c @@ -423,7 +423,7 @@ create_mask (session * sess, char *mask, char *mode, char *typestr, int deop) int type; struct User *user; char *at, *dot, *lastdot; - char username[64], fullhost[128], domain[128], tbuf[512], *p2; + char username[64], fullhost[128], domain[128], buf[512], *p2; user = userlist_find (sess, mask); if (user && user->hostname) /* it's a nickname, let's find a proper ban mask */ @@ -473,7 +473,7 @@ create_mask (session * sess, char *mask, char *mode, char *typestr, int deop) else type = prefs.hex_irc_ban_type; - tbuf[0] = 0; + buf[0] = 0; if (inet_addr (fullhost) != -1) /* "fullhost" is really a IP number */ { lastdot = strrchr (fullhost, '.'); @@ -487,19 +487,19 @@ create_mask (session * sess, char *mask, char *mode, char *typestr, int deop) switch (type) { case 0: - snprintf (tbuf, sizeof (tbuf), "%s%s *!*@%s.*", mode, p2, domain); + snprintf (buf, sizeof (buf), "%s%s *!*@%s.*", mode, p2, domain); break; case 1: - snprintf (tbuf, sizeof (tbuf), "%s%s *!*@%s", mode, p2, fullhost); + snprintf (buf, sizeof (buf), "%s%s *!*@%s", mode, p2, fullhost); break; case 2: - snprintf (tbuf, sizeof (tbuf), "%s%s *!%s@%s.*", mode, p2, username, domain); + snprintf (buf, sizeof (buf), "%s%s *!%s@%s.*", mode, p2, username, domain); break; case 3: - snprintf (tbuf, sizeof (tbuf), "%s%s *!%s@%s", mode, p2, username, fullhost); + snprintf (buf, sizeof (buf), "%s%s *!%s@%s", mode, p2, username, fullhost); break; } } else @@ -507,29 +507,29 @@ create_mask (session * sess, char *mask, char *mode, char *typestr, int deop) switch (type) { case 0: - snprintf (tbuf, sizeof (tbuf), "%s%s *!*@*%s", mode, p2, domain); + snprintf (buf, sizeof (buf), "%s%s *!*@*%s", mode, p2, domain); break; case 1: - snprintf (tbuf, sizeof (tbuf), "%s%s *!*@%s", mode, p2, fullhost); + snprintf (buf, sizeof (buf), "%s%s *!*@%s", mode, p2, fullhost); break; case 2: - snprintf (tbuf, sizeof (tbuf), "%s%s *!%s@*%s", mode, p2, username, domain); + snprintf (buf, sizeof (buf), "%s%s *!%s@*%s", mode, p2, username, domain); break; case 3: - snprintf (tbuf, sizeof (tbuf), "%s%s *!%s@%s", mode, p2, username, fullhost); + snprintf (buf, sizeof (buf), "%s%s *!%s@%s", mode, p2, username, fullhost); break; } } } else { - snprintf (tbuf, sizeof (tbuf), "%s %s", mode, mask); + snprintf (buf, sizeof (buf), "%s %s", mode, mask); } - return g_strdup (tbuf); + return g_strdup (buf); } static void