From 36ec5bc4250b500a4661949fa3c55ec06635bbaf Mon Sep 17 00:00:00 2001 From: Nico Golde Date: Sat, 9 Aug 2008 13:45:46 +0200 Subject: [PATCH] - prepare 1.4 release - fix directory traversal using #../../ (not possible to overwrite arbitrary files, thus not marking as security fix) - general cleanup - documentation fixes (url, copyright, formatting) --- CHANGES | 8 ++++++++ LICENSE | 2 +- README | 30 ++++++++++++++++-------------- config.mk | 2 +- ii.1 | 4 +++- ii.c | 27 +++++++++++++-------------- 6 files changed, 42 insertions(+), 31 deletions(-) diff --git a/CHANGES b/CHANGES index 56c7eb6..001cdc1 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,11 @@ +1.4 (2008-08-09): + - fix directory traversal on servers that support SAJOIN + NOTE: not marking as security relevant as it is only possible to + create directories outside (which is of course annoying) of the irc + hierarchy but not overwriting arbitrary files with the channel name. + - documentation fixes + - general cleanup + 1.3 (2007-07-14): - server messages about users (QUIT,JOIN) will no longer go to the user directories but to the server out file to diff --git a/LICENSE b/LICENSE index 587ec9f..dd0b65c 100644 --- a/LICENSE +++ b/LICENSE @@ -1,7 +1,7 @@ MIT/X Consortium License (C)opyright MMV-MMVI Anselm R. Garbe -(C)opyright MMV-MMVII Nico Golde +(C)opyright MMV-MMVIII Nico Golde Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), diff --git a/README b/README index a677380..585b326 100644 --- a/README +++ b/README 
@@ -1,17 +1,17 @@ Abstract -------- -ii is a minimalistic FIFO and filesystem based IRC client. -It creates an irc directory tree with server, channel and -nick name directories. -In every directory a FIFO file (in) and and normal file (out) -is placed. -The in file is used to communicate with the servers and the out -files include the server messages. For every channel and every nick -name there will be new in and out files. -The basic idea of this is to be able to communicate with an IRC -server with standard command line tools. -For example if you want to join a channel just do echo "/j #channel" > in -and ii creates a new channel directory with in and out file. +ii is a minimalistic FIFO and filesystem based IRC client. It creates an irc +directory tree with server, channel and nick name directories. In every +directory a FIFO file (in) and and normal file (out) is placed. + +The in file is used to communicate with the servers and the out files include +the server messages. For every channel and every nick name there will be new in +and out files. + +The basic idea of this is to be able to communicate with an IRC server with +standard command line tools. For example if you want to join a channel just do +echo "/j #channel" > in and ii creates a new channel directory with in and out +file. Installation ------------ @@ -32,10 +32,12 @@ program and for example with vim. Run vim in the server directory and use key mapping like: map w1 :.w >> \#ii/in map w2 :.w >> \#wmii/in -to post to channels. +to post to channels. + If you use the next editor line for a new posting you can use ctrl-p for nick completion if you wrote the nick in the past. Thanks to Matthias Kopfermann for this hint. + You can find an example of how this nested environment could look like on: http://nion.modprobe.de/blog/archives/440-Using-the-ii-irc-client.html 
@@ -46,7 +48,7 @@ No configuration is needed. Changelog --------- Since I missed the chance to add a proper changelog right from the beginning, -please have a look at the commit messages on http://www.suckless.org/hg.rc/ii +please have a look at the commit messages on http://code.suckless.org/hg/ii/ they are fairly descriptive on releases prior to 1.2. Contact diff --git a/config.mk b/config.mk index f9cabd2..ac9a047 100644 --- a/config.mk +++ b/config.mk @@ -12,7 +12,7 @@ DESTDIR = INCDIR = ${PREFIX}/include LIBDIR = ${PREFIX}/lib -VERSION = 1.3 +VERSION = 1.4 # includes and libs INCLUDES = -I. -I${INCDIR} -I/usr/include diff --git a/ii.1 b/ii.1 index 5d80bbc..26d73a1 100644 --- a/ii.1 +++ b/ii.1 @@ -44,6 +44,8 @@ lets you override the default port (6667) .TP .BI \-k " password" lets you use a password to authenticate your nick on the server +(be aware of the problem that this is visible in the process list, if you +don't want this use a query to submit your password) .TP .BI \-i " prefix" lets you override the default irc path (~/irc) @@ -87,7 +89,7 @@ Write wrappers, pagers or use your tools of choice to display the out file conte Write to ii (at) modprobe (dot) de for suggestions, fixes, 7|-|>< ;) etc. .SH AUTHORS Copyright \(co 2005-2006 by Anselm R. Garbe and -Copyright \(co 2005-2007 by Nico Golde +Copyright \(co 2005-2008 by Nico Golde .SH SEE ALSO .BR echo (1), .BR tail (1), diff --git a/ii.c b/ii.c index 1fd2df9..e7d5528 100644 --- a/ii.c +++ b/ii.c @@ -52,9 +52,12 @@ static void usage() { " [-n ] [-k ] [-f ]\n"); exit(EXIT_SUCCESS); } -static char *lower(char *s) { +static char *striplower(char *s) { char *p = NULL; - for(p = s; p && *p; p++) *p = tolower(*p); + for(p = s; p && *p; p++) { + if(*p == '/') *p = '_'; + *p = tolower(*p); + } return s; } 
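Review bot: The substitution in `striplower` covers only `/`, so a name that is exactly `.` or `..` passes through unchanged and the `"%s/%s"` formats in `get_filepath` would still resolve it to the irc directory itself or its parent. Whether such a name can reach this function depends on callers outside the hunk, but the helper should reject or rewrite those two names as well. Separately, `tolower(*p)` is passed a plain `char`, which is undefined for negative values where `char` is signed; `*p = tolower((unsigned char)*p);` keeps non-ASCII bytes in server-supplied names well-defined. A one-line comment such as `/* make s safe as a single path component: '/' -> '_', lower-cased in place */` would also record why the function now does more than its old name implied.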
@@ -79,10 +82,10 @@ static void create_dirtree(const char *dir) { static int get_filepath(char *filepath, size_t len, char *channel, char *file) { if(channel) { - if(!snprintf(filepath, len, "%s/%s", path, lower(channel))) + if(!snprintf(filepath, len, "%s/%s", path, striplower(channel))) return 0; create_dirtree(filepath); - return snprintf(filepath, len, "%s/%s/%s", path,lower(channel), file); + return snprintf(filepath, len, "%s/%s/%s", path, striplower(channel), file); } return snprintf(filepath, len, "%s/%s", path, file); } @@ -200,10 +203,8 @@ static size_t tokenize(char **result, size_t reslen, char *str, char delim) { } static void print_out(char *channel, char *buf) { - static char outfile[256]; - static char server[256]; - FILE *out; - static char buft[18]; + static char outfile[256], server[256], buft[18]; + FILE *out = NULL; time_t t = time(0); if(channel) snprintf(server, sizeof(server), "-!- %s", channel); @@ -300,8 +301,7 @@ static void proc_server_cmd(char *buf) { for(i = 0; i < TOK_LAST; i++) argv[i] = NULL; - /* - ::= [':' ] + /* ::= [':' ] ::= | [ '!' ] [ '@' ] ::= { } | ::= ' ' { ' ' } @@ -309,8 +309,8 @@ static void proc_server_cmd(char *buf) { ::= ::= - ::= CR LF - */ + ::= CR LF */ + if(buf[0] == ':') { /* check prefix */ if (!(p = strchr(buf, ' '))) return; *p = 0; @@ -462,9 +462,8 @@ int main(int argc, char *argv[]) { int i; unsigned short port = SERVER_PORT; struct passwd *spw = getpwuid(getuid()); - char *key = NULL; + char *key = NULL, *fullname = NULL; char prefix[_POSIX_PATH_MAX]; - char *fullname = NULL; if(!spw) { fprintf(stderr,"ii: getpwuid() failed\n");
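Review bot: Neither `snprintf` call in `get_filepath` detects truncation. `!snprintf(...)` is true only for a zero-length result, which the `"%s/%s"` format cannot produce, so an over-long channel name gives a silently cut-off path that is then handed to `create_dirtree`. Compare the result with `len` instead, using an `int n` local: `n = snprintf(filepath, len, "%s/%s", path, striplower(channel));` followed by `if(n < 0 || (size_t)n >= len) return 0;`, and apply the same test to the final call. The second `striplower(channel)` is redundant because the first call already rewrote the buffer in place. How callers interpret the return value is not visible in this hunk.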