- prepare 1.4 release

- fix directory traversal using #../../ (not possible to overwrite arbitrary files, thus not marking as security fix)
- general cleanup
- documentation fixes (url, copyright, formatting)

CHANGES

@@ -1,3 +1,11 @@
+1.4 (2008-08-09):
+    - fix directory traversal on servers that support SAJOIN
+      NOTE: not marking as security relevant as it is only possible to
+      create directories outside (which is of course annoying) of the irc
+      hierarchy but not overwriting arbitrary files with the channel name.
+    - documentation fixes
+    - general cleanup
+
 1.3 (2007-07-14):
     - server messages about users (QUIT,JOIN) will no longer
       go to the user directories but to the server out file to

LICENSE

@@ -1,7 +1,7 @@
 MIT/X Consortium License
 
 (C)opyright MMV-MMVI Anselm R. Garbe <garbeam@wmii.de>
-(C)opyright MMV-MMVII Nico Golde <nico at ngolde dot de>
+(C)opyright MMV-MMVIII Nico Golde <nico at ngolde dot de>
 
 Permission is hereby granted, free of charge, to any person obtaining a
 copy of this software and associated documentation files (the "Software"),

README

@@ -1,17 +1,17 @@
 Abstract
 --------
-ii is a minimalistic FIFO and filesystem based IRC client.
+ii is a minimalistic FIFO and filesystem based IRC client.  It creates an irc
-It creates an irc directory tree with server, channel and
+directory tree with server, channel and nick name directories.  In every
-nick name directories.
+directory a FIFO file (in) and and normal file (out) is placed.
-In every directory a FIFO file (in) and and normal file (out)
+
-is placed.
+The in file is used to communicate with the servers and the out files include
-The in file is used to communicate with the servers and the out
+the server messages. For every channel and every nick name there will be new in
-files include the server messages. For every channel and every nick
+and out files.
-name there will be new in and out files.
+
-The basic idea of this is to be able to communicate with an IRC
+The basic idea of this is to be able to communicate with an IRC server with
-server with standard command line tools.
+standard command line tools.  For example if you want to join a channel just do
-For example if you want to join a channel just do echo "/j #channel" > in
+echo "/j #channel" > in and ii creates a new channel directory with in and out
-and ii creates a new channel directory with in and out file.
+file.
 
 Installation
 ------------
@@ -32,10 +32,12 @@ program and for example with vim. Run vim in the server directory and use
 key mapping like:
 map w1 :.w >> \#ii/in<cr>
 map w2 :.w >> \#wmii/in<cr>
-to post to channels. 
+to post to channels.
+
 If you use the next editor line for a new posting you can use ctrl-p for nick
 completion if you wrote the nick in the past.
 Thanks to Matthias Kopfermann for this hint.
+
 You can find an example of how this nested environment could look like on:
 http://nion.modprobe.de/blog/archives/440-Using-the-ii-irc-client.html
 
@@ -46,7 +48,7 @@ No configuration is needed.
 Changelog
 ---------
 Since I missed the chance to add a proper changelog right from the beginning,
-please have a look at the commit messages on http://www.suckless.org/hg.rc/ii
+please have a look at the commit messages on http://code.suckless.org/hg/ii/
 they are fairly descriptive on releases prior to 1.2.
 
 Contact

config.mk

@@ -12,7 +12,7 @@ DESTDIR     =
 
 INCDIR      = ${PREFIX}/include
 LIBDIR      = ${PREFIX}/lib
-VERSION     = 1.3
+VERSION     = 1.4
 
 # includes and libs
 INCLUDES    = -I. -I${INCDIR} -I/usr/include

ii.1

@@ -44,6 +44,8 @@ lets you override the default port (6667)
 .TP
 .BI \-k " password"
 lets you use a password to authenticate your nick on the server
+(be aware of the problem that this is visible in the process list, if you
+don't want this use a query to submit your password)
 .TP
 .BI \-i " prefix"
 lets you override the default irc path (~/irc)
@@ -87,7 +89,7 @@ Write wrappers, pagers or use your tools of choice to display the out file conte
 Write to ii (at) modprobe (dot) de for suggestions, fixes, 7|-|>< ;) etc.
 .SH AUTHORS
 Copyright \(co 2005-2006 by Anselm R. Garbe <garbeam (at) gmail (dot) com> and 
-Copyright \(co 2005-2007 by Nico Golde <nico (at) ngolde (dot) de>
+Copyright \(co 2005-2008 by Nico Golde <nico (at) ngolde (dot) de>
 .SH SEE ALSO
 .BR echo (1),
 .BR tail (1),

ii.c

@@ -52,9 +52,12 @@ static void usage() {
 			"          [-n <nick>] [-k <password>] [-f <fullname>]\n");
 	exit(EXIT_SUCCESS);
 }
-static char *lower(char *s) {
+static char *striplower(char *s) {
 	char *p = NULL;
-	for(p = s; p && *p; p++) *p = tolower(*p);
+	for(p = s; p && *p; p++) {
+		if(*p == '/') *p = '_';
+		*p = tolower(*p);
+	}
 	return s;
 }
 
@@ -79,10 +82,10 @@ static void create_dirtree(const char *dir) {
 
 static int get_filepath(char *filepath, size_t len, char *channel, char *file) {
 	if(channel) {
-		if(!snprintf(filepath, len, "%s/%s", path, lower(channel)))
+		if(!snprintf(filepath, len, "%s/%s", path, striplower(channel)))
 			return 0;
 		create_dirtree(filepath);
-		return snprintf(filepath, len, "%s/%s/%s", path,lower(channel), file);
+		return snprintf(filepath, len, "%s/%s/%s", path, striplower(channel), file);
 	}
 	return snprintf(filepath, len, "%s/%s", path, file);
 }
@@ -200,10 +203,8 @@ static size_t tokenize(char **result, size_t reslen, char *str, char delim) {
 }
 
 static void print_out(char *channel, char *buf) {
-	static char outfile[256];
+	static char outfile[256], server[256], buft[18];
-	static char server[256];
+	FILE *out = NULL;
-	FILE *out;
-	static char buft[18];
 	time_t t = time(0);
 
 	if(channel) snprintf(server, sizeof(server), "-!- %s", channel);
@@ -300,8 +301,7 @@ static void proc_server_cmd(char *buf) {
 
 	for(i = 0; i < TOK_LAST; i++)
 		argv[i] = NULL;
-	/*
+	/* <message>  ::= [':' <prefix> <SPACE> ] <command> <params> <crlf>
-	   <message>  ::= [':' <prefix> <SPACE> ] <command> <params> <crlf>
 	   <prefix>   ::= <servername> | <nick> [ '!' <user> ] [ '@' <host> ]
 	   <command>  ::= <letter> { <letter> } | <number> <number> <number>
 	   <SPACE>    ::= ' ' { ' ' }
@@ -309,8 +309,8 @@ static void proc_server_cmd(char *buf) {
 	   <middle>   ::= <Any *non-empty* sequence of octets not including SPACE
 	   or NUL or CR or LF, the first of which may not be ':'>
 	   <trailing> ::= <Any, possibly *empty*, sequence of octets not including NUL or CR or LF>
-	   <crlf>     ::= CR LF
+	   <crlf>     ::= CR LF */
-	   */
+
 	if(buf[0] == ':') {		/* check prefix */
 		if (!(p = strchr(buf, ' '))) return;
 		*p = 0;
@@ -462,9 +462,8 @@ int main(int argc, char *argv[]) {
 	int i;
 	unsigned short port = SERVER_PORT;
 	struct passwd *spw = getpwuid(getuid());
-	char *key = NULL;
+	char *key = NULL, *fullname = NULL;
 	char prefix[_POSIX_PATH_MAX];
-	char *fullname = NULL;
 
 	if(!spw) {
 		fprintf(stderr,"ii: getpwuid() failed\n");