Merge pull request #641 from orium/possible-buffer-overflow-fix
Fixed possible overflow in create_mask().
This commit is contained in:
commit
2e014bbc72
@ -423,7 +423,7 @@ create_mask (session * sess, char *mask, char *mode, char *typestr, int deop)
|
|||||||
int type;
|
int type;
|
||||||
struct User *user;
|
struct User *user;
|
||||||
char *at, *dot, *lastdot;
|
char *at, *dot, *lastdot;
|
||||||
char username[64], fullhost[128], domain[128], tbuf[512], *p2;
|
char username[64], fullhost[128], domain[128], buf[512], *p2;
|
||||||
|
|
||||||
user = userlist_find (sess, mask);
|
user = userlist_find (sess, mask);
|
||||||
if (user && user->hostname) /* it's a nickname, let's find a proper ban mask */
|
if (user && user->hostname) /* it's a nickname, let's find a proper ban mask */
|
||||||
@ -473,7 +473,7 @@ create_mask (session * sess, char *mask, char *mode, char *typestr, int deop)
|
|||||||
else
|
else
|
||||||
type = prefs.hex_irc_ban_type;
|
type = prefs.hex_irc_ban_type;
|
||||||
|
|
||||||
tbuf[0] = 0;
|
buf[0] = 0;
|
||||||
if (inet_addr (fullhost) != -1) /* "fullhost" is really a IP number */
|
if (inet_addr (fullhost) != -1) /* "fullhost" is really a IP number */
|
||||||
{
|
{
|
||||||
lastdot = strrchr (fullhost, '.');
|
lastdot = strrchr (fullhost, '.');
|
||||||
@ -487,19 +487,19 @@ create_mask (session * sess, char *mask, char *mode, char *typestr, int deop)
|
|||||||
switch (type)
|
switch (type)
|
||||||
{
|
{
|
||||||
case 0:
|
case 0:
|
||||||
snprintf (tbuf, TBUFSIZE, "%s%s *!*@%s.*", mode, p2, domain);
|
snprintf (buf, sizeof (buf), "%s%s *!*@%s.*", mode, p2, domain);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 1:
|
case 1:
|
||||||
snprintf (tbuf, TBUFSIZE, "%s%s *!*@%s", mode, p2, fullhost);
|
snprintf (buf, sizeof (buf), "%s%s *!*@%s", mode, p2, fullhost);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 2:
|
case 2:
|
||||||
snprintf (tbuf, TBUFSIZE, "%s%s *!%s@%s.*", mode, p2, username, domain);
|
snprintf (buf, sizeof (buf), "%s%s *!%s@%s.*", mode, p2, username, domain);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 3:
|
case 3:
|
||||||
snprintf (tbuf, TBUFSIZE, "%s%s *!%s@%s", mode, p2, username, fullhost);
|
snprintf (buf, sizeof (buf), "%s%s *!%s@%s", mode, p2, username, fullhost);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
} else
|
} else
|
||||||
@ -507,29 +507,29 @@ create_mask (session * sess, char *mask, char *mode, char *typestr, int deop)
|
|||||||
switch (type)
|
switch (type)
|
||||||
{
|
{
|
||||||
case 0:
|
case 0:
|
||||||
snprintf (tbuf, TBUFSIZE, "%s%s *!*@*%s", mode, p2, domain);
|
snprintf (buf, sizeof (buf), "%s%s *!*@*%s", mode, p2, domain);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 1:
|
case 1:
|
||||||
snprintf (tbuf, TBUFSIZE, "%s%s *!*@%s", mode, p2, fullhost);
|
snprintf (buf, sizeof (buf), "%s%s *!*@%s", mode, p2, fullhost);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 2:
|
case 2:
|
||||||
snprintf (tbuf, TBUFSIZE, "%s%s *!%s@*%s", mode, p2, username, domain);
|
snprintf (buf, sizeof (buf), "%s%s *!%s@*%s", mode, p2, username, domain);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 3:
|
case 3:
|
||||||
snprintf (tbuf, TBUFSIZE, "%s%s *!%s@%s", mode, p2, username, fullhost);
|
snprintf (buf, sizeof (buf), "%s%s *!%s@%s", mode, p2, username, fullhost);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
} else
|
} else
|
||||||
{
|
{
|
||||||
snprintf (tbuf, TBUFSIZE, "%s %s", mode, mask);
|
snprintf (buf, sizeof (buf), "%s %s", mode, mask);
|
||||||
}
|
}
|
||||||
|
|
||||||
return g_strdup (tbuf);
|
return g_strdup (buf);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
|
Loading…
Reference in New Issue
Block a user