summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--Changes1
-rw-r--r--src/core/cs_getpass.c2
-rw-r--r--src/core/cs_sendpass.c8
-rw-r--r--src/core/cs_set.c4
-rw-r--r--src/core/ns_getpass.c2
-rw-r--r--src/core/ns_register.c2
-rw-r--r--src/core/ns_saset.c8
-rw-r--r--src/core/ns_sendpass.c10
-rw-r--r--src/core/ns_set.c8
-rw-r--r--src/mysql.c2
-rw-r--r--version.log6
11 files changed, 27 insertions, 26 deletions
diff --git a/Changes b/Changes
index bf15f6e07..057f95cd8 100644
--- a/Changes
+++ b/Changes
@@ -2,6 +2,7 @@ Anope Version S V N
--------------------
09/18 R Removed password truncating. [ #00]
09/15 F Dealt with the nss_dns.so.1 issue on freebsd 7. [ #00]
+09/23 F Fixed numerous possible buffer overflows in NS and CS. [ #00]
Provided by Robin Burchell <w00t@inspircd.org> - 2008
09/22 F Enabled UMODE functionality for InspIRCd 1.1 [ #00]
diff --git a/src/core/cs_getpass.c b/src/core/cs_getpass.c
index 94ec03efa..458488cf0 100644
--- a/src/core/cs_getpass.c
+++ b/src/core/cs_getpass.c
@@ -84,7 +84,7 @@ int do_getpass(User * u)
} else if (CSRestrictGetPass && !is_services_root(u)) {
notice_lang(s_ChanServ, u, PERMISSION_DENIED);
} else {
- if(enc_decrypt(ci->founderpass,tmp_pass,PASSMAX)==1) {
+ if(enc_decrypt(ci->founderpass, tmp_pass, PASSMAX - 1)==1) {
alog("%s: %s!%s@%s used GETPASS on %s",
s_ChanServ, u->nick, u->username, u->host, ci->name);
if (WallGetpass) {
diff --git a/src/core/cs_sendpass.c b/src/core/cs_sendpass.c
index 53926dcb7..ff3bb1cff 100644
--- a/src/core/cs_sendpass.c
+++ b/src/core/cs_sendpass.c
@@ -86,8 +86,8 @@ int do_sendpass(User * u)
notice_lang(s_ChanServ, u, CHAN_X_FORBIDDEN, chan);
} else {
char buf[BUFSIZE];
- char tmp_pass[PASSMAX];
- if(enc_decrypt(ci->founderpass,tmp_pass,PASSMAX)==1) {
+ char tmp_pass[PASSMAX];
+ if(enc_decrypt(ci->founderpass,tmp_pass,PASSMAX - 1)==1) {
MailInfo *mail;
snprintf(buf, sizeof(buf),
@@ -118,8 +118,8 @@ int do_sendpass(User * u)
u->username, u->host, chan);
notice_lang(s_ChanServ, u, CHAN_SENDPASS_OK, chan);
} else {
- notice_lang(s_ChanServ, u, CHAN_SENDPASS_UNAVAILABLE);
- }
+ notice_lang(s_ChanServ, u, CHAN_SENDPASS_UNAVAILABLE);
+ }
}
return MOD_CONT;
}
diff --git a/src/core/cs_set.c b/src/core/cs_set.c
index 9225f434f..ccdf1e9bb 100644
--- a/src/core/cs_set.c
+++ b/src/core/cs_set.c
@@ -373,12 +373,12 @@ int do_set_password(User * u, ChannelInfo * ci, char *param)
return MOD_CONT;
}
- if (enc_encrypt_check_len(len ,PASSMAX)) {
+ if (enc_encrypt_check_len(len ,PASSMAX - 1)) {
notice_lang(s_ChanServ, u, PASSWORD_TOO_LONG);
return MOD_CONT;
}
- if (enc_encrypt(param, len, ci->founderpass, PASSMAX) < 0) {
+ if (enc_encrypt(param, len, ci->founderpass, PASSMAX -1) < 0) {
memset(param, 0, strlen(param));
alog("%s: Failed to encrypt password for %s (set)", s_ChanServ,
ci->name);
diff --git a/src/core/ns_getpass.c b/src/core/ns_getpass.c
index d15f5d086..946102389 100644
--- a/src/core/ns_getpass.c
+++ b/src/core/ns_getpass.c
@@ -96,7 +96,7 @@ int do_getpass(User * u)
} else if (NSRestrictGetPass && !is_services_root(u)) {
notice_lang(s_NickServ, u, PERMISSION_DENIED);
} else {
- if(enc_decrypt(na->nc->pass,tmp_pass,PASSMAX)==1) {
+ if(enc_decrypt(na->nc->pass,tmp_pass,PASSMAX - 1)==1) {
alog("%s: %s!%s@%s used GETPASS on %s", s_NickServ, u->nick,
u->username, u->host, nick);
if (WallGetpass)
diff --git a/src/core/ns_register.c b/src/core/ns_register.c
index 9886fbf3a..30046a7f8 100644
--- a/src/core/ns_register.c
+++ b/src/core/ns_register.c
@@ -365,7 +365,7 @@ int do_confirm(User * u)
u->nick);
send_event(EVENT_NICK_REGISTERED, 1, u->nick);
- if(enc_decrypt(na->nc->pass, tmp_pass, PASSMAX - 1)==1)
+ if(enc_decrypt(na->nc->pass, tmp_pass, PASSMAX - 1)==1)
notice_lang(s_NickServ, u, NICK_PASSWORD_IS, tmp_pass);
u->lastnickreg = time(NULL);
diff --git a/src/core/ns_saset.c b/src/core/ns_saset.c
index 937ccd42b..bc5c1af00 100644
--- a/src/core/ns_saset.c
+++ b/src/core/ns_saset.c
@@ -235,7 +235,7 @@ int do_saset_password(User * u, NickCore * nc, char *param)
|| (StrictPasswords && len < 5)) {
notice_lang(s_NickServ, u, MORE_OBSCURE_PASSWORD);
return MOD_CONT;
- } else if (enc_encrypt_check_len(len ,PASSMAX)) {
+ } else if (enc_encrypt_check_len(len ,PASSMAX - 1)) {
notice_lang(s_NickServ, u, PASSWORD_TOO_LONG);
return MOD_CONT;
}
@@ -244,8 +244,7 @@ int do_saset_password(User * u, NickCore * nc, char *param)
free(nc->pass);
nc->pass = smalloc(PASSMAX);
-
- if (enc_encrypt(param, len, nc->pass, PASSMAX) < 0) {
+ if (enc_encrypt(param, len, nc->pass, PASSMAX - 1) < 0) {
memset(param, 0, len);
alog("%s: Failed to encrypt password for %s (set)", s_NickServ,
nc->display);
@@ -253,10 +252,9 @@ int do_saset_password(User * u, NickCore * nc, char *param)
nc->display);
return MOD_CONT;
}
-
memset(param, 0, len);
- if(enc_decrypt(nc->pass,tmp_pass,PASSMAX)==1) {
+ if(enc_decrypt(nc->pass,tmp_pass,PASSMAX - 1)==1) {
notice_lang(s_NickServ, u, NICK_SASET_PASSWORD_CHANGED_TO, nc->display,
tmp_pass);
} else {
diff --git a/src/core/ns_sendpass.c b/src/core/ns_sendpass.c
index e0b595558..ce1834167 100644
--- a/src/core/ns_sendpass.c
+++ b/src/core/ns_sendpass.c
@@ -83,8 +83,8 @@ int do_sendpass(User * u)
notice_lang(s_NickServ, u, NICK_X_FORBIDDEN, na->nick);
} else {
char buf[BUFSIZE];
- char tmp_pass[PASSMAX];
- if(enc_decrypt(na->nc->pass,tmp_pass,PASSMAX)==1) {
+ char tmp_pass[PASSMAX];
+ if(enc_decrypt(na->nc->pass,tmp_pass,PASSMAX - 1)==1) {
MailInfo *mail;
snprintf(buf, sizeof(buf), getstring(na, NICK_SENDPASS_SUBJECT),
@@ -113,9 +113,9 @@ int do_sendpass(User * u)
alog("%s: %s!%s@%s used SENDPASS on %s", s_NickServ, u->nick,
u->username, u->host, nick);
notice_lang(s_NickServ, u, NICK_SENDPASS_OK, nick);
- } else {
- notice_lang(s_NickServ, u, NICK_SENDPASS_UNAVAILABLE);
- }
+ } else {
+ notice_lang(s_NickServ, u, NICK_SENDPASS_UNAVAILABLE);
+ }
}
return MOD_CONT;
diff --git a/src/core/ns_set.c b/src/core/ns_set.c
index 00c712e34..2234a4899 100644
--- a/src/core/ns_set.c
+++ b/src/core/ns_set.c
@@ -208,7 +208,7 @@ int do_set_password(User * u, NickCore * nc, char *param)
if (stricmp(nc->display, param) == 0 || (StrictPasswords && len < 5)) {
notice_lang(s_NickServ, u, MORE_OBSCURE_PASSWORD);
return MOD_CONT;
- } else if (enc_encrypt_check_len(len ,PASSMAX)) {
+ } else if (enc_encrypt_check_len(len ,PASSMAX - 1)) {
notice_lang(s_NickServ, u, PASSWORD_TOO_LONG);
return MOD_CONT;
}
@@ -217,18 +217,16 @@ int do_set_password(User * u, NickCore * nc, char *param)
free(nc->pass);
nc->pass = smalloc(PASSMAX);
-
- if (enc_encrypt(param, len, nc->pass, PASSMAX) < 0) {
+ if (enc_encrypt(param, len, nc->pass, PASSMAX - 1) < 0) {
memset(param, 0, len);
alog("%s: Failed to encrypt password for %s (set)", s_NickServ,
nc->display);
notice_lang(s_NickServ, u, NICK_SET_PASSWORD_FAILED);
return MOD_CONT;
}
-
memset(param, 0, len);
- if(enc_decrypt(nc->pass,tmp_pass,PASSMAX)==1) {
+ if(enc_decrypt(nc->pass,tmp_pass,PASSMAX - 1)==1) {
notice_lang(s_NickServ, u, NICK_SET_PASSWORD_CHANGED_TO, tmp_pass);
} else {
notice_lang(s_NickServ, u, NICK_SET_PASSWORD_CHANGED);
diff --git a/src/mysql.c b/src/mysql.c
index d50d1f3a6..22fa520da 100644
--- a/src/mysql.c
+++ b/src/mysql.c
@@ -238,7 +238,7 @@ char *db_mysql_secure(char *pass)
memset(tmp_pass, '\0', PASSMAX);
/* We couldnt decrypt the pass... */
- if (enc_decrypt(pass, tmp_pass, PASSMAX) != 1) {
+ if (enc_decrypt(pass, tmp_pass, PASSMAX - 1) != 1) {
snprintf(epass, sizeof(epass), "'%s'", pass);
} else { /* if we could decrypt the pass */
if (!pass) {
diff --git a/version.log b/version.log
index f00ab755f..a60b4134f 100644
--- a/version.log
+++ b/version.log
@@ -9,10 +9,14 @@ VERSION_MAJOR="1"
VERSION_MINOR="7"
VERSION_PATCH="22"
VERSION_EXTRA="-svn"
-VERSION_BUILD="1449"
+VERSION_BUILD="1450"
# $Log$
#
+# BUILD : 1.7.22 (1450)
+# BUGS :
+# NOTES : Fixed a number of remaining buffer overflows in NS and CS not addressed by previous commit.
+#
# BUILD : 1.7.22 (1449)
# BUGS :
# NOTES : Applied a patch by w00t to fix possible buffer overflows in NS/CS REGISTER. As of now the max pass length is 31 instead of 32 characters.
generated by cgit (git 2.34.1) at 2025-06-22 01:43:09 +0000