commit ce3215acafe3d611c336a4d1e80bde93857b9539 from: Alexander Barton date: Fri May 30 13:12:17 2008 UTC Don't allow stray \r or \n in command parameters If ngircd receives an input line like "COMMAND arg\nIRRELEVANT\r\n", "arg\nIRRELEVANT" is passed as an argument to COMMAND. This can lead to output like: :ngircd.test.server 322 nick #chan 1 : topicwithprecedingnewline :ngircd.test.server 322 nick #nxtchan 1 : [..] Worse, this allows clients to piggyback irc commands, e.g. "TOPIC #a :test\n:fake!~a@nonexistant JOIN :#a\r\n", which causes the client to receive a JOIN command during /LIST output. Bug reported by Scott Perry, first patch by Florian Westphal. (cherry picked from commit 8644cbf197807909e4caea184278872cdeca1963) commit - edb59b8317e3b159d7080642b4a95b3d9a92e677 commit + ce3215acafe3d611c336a4d1e80bde93857b9539 blob - 5cfeaaa8a9fa05ba1c5e81a5cf612c6bb77c23d1 blob + 7be52710f9a3df471fc3264d33a507109389c157 --- src/ngircd/parse.c +++ src/ngircd/parse.c @@ -1,6 +1,6 @@ /* * ngIRCd -- The Next Generation IRC Daemon - * Copyright (c)2001,2002 by Alexander Barton (alex@barton.de) + * Copyright (c)2001-2008 Alexander Barton (alex@barton.de) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -9,11 +9,8 @@ * Please read the file COPYING, README and AUTHORS for more information. */ - #include "portab.h" -static char UNUSED id[] = "$Id: parse.c,v 1.72 2008/02/17 13:26:42 alex Exp $"; - /** * @file * IRC command parser and validator. 
@@ -338,12 +335,25 @@ Validate_Command( UNUSED CONN_ID Idx, UNUSED REQUEST * static bool -Validate_Args( UNUSED CONN_ID Idx, UNUSED REQUEST *Req, bool *Closed ) +Validate_Args(CONN_ID Idx, REQUEST *Req, bool *Closed) { + int i; + assert( Idx >= 0 ); assert( Req != NULL ); *Closed = false; + for (i = 0; i < Req->argc; i++) { + if (strchr(Req->argv[i], '\r') || strchr(Req->argv[i], '\n')) { + Log(LOG_ERR, + "Invalid character(s) in parameter (connection %d, command %s)!?", + Idx, Req->command); + if (!Conn_WriteStr(Idx, + "ERROR :Invalid character(s) in parameter!")) + *Closed = true; + return false; + } + } return true; } /* Validate_Args */
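Review bot: The new loop in Validate_Args tests only `Req->argv[i]` for CR/LF, but the `Log()` call in the same branch prints `Req->command`, which nothing in this hunk checks. The hunk header shows `Validate_Command` taking `UNUSED` parameters, which suggests (not confirmed from here) that the command token gets no character check either. If so, a stray `\n` in the command could still reach this log line or any reply that echoes the command back. Consider guarding the command with the same test ahead of the loop, e.g. `if (strpbrk(Req->command, "\r\n")) { /* same ERROR reply */ return false; }`, or document why the line splitter can never yield such a token. As a style point, the two `strchr` calls can be a single `strpbrk(Req->argv[i], "\r\n")`.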