From bac250f68905ef10f6c0711ef1e9e09352868b70 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Sat, 20 Dec 2008 17:17:27 +0100 Subject: [PATCH] Add code to detect overflow in WHOX. This should currently be impossible, but may be possible with extremely long server/nick names and additional fields. In case of overflow, the string sent to to the user is truncated and if it was the first overflow since the module was loaded a notice is sent to snomask +d. --- modules/m_who.c | 73 +++++++++++++++++++++++++++++++++++++------------ 1 file changed, 55 insertions(+), 18 deletions(-) diff --git a/modules/m_who.c b/modules/m_who.c index 0b63a4bb..718ed094 100644 --- a/modules/m_who.c +++ b/modules/m_who.c @@ -423,6 +423,31 @@ do_who_on_channel(struct Client *source_p, struct Channel *chptr, } } +/* + * append_format + * + * inputs - pointer to buffer + * - size of buffer + * - pointer to position + * - format string + * - arguments for format + * output - NONE + * side effects - position incremented, possibly beyond size of buffer + * this allows detecting overflow + */ +static void +append_format(char *buf, size_t bufsize, size_t *pos, const char *fmt, ...) +{ + size_t max, result; + va_list ap; + + max = *pos >= bufsize ? 0 : bufsize - *pos; + va_start(ap, fmt); + result = rb_vsnprintf(buf + *pos, bufsize - *pos, fmt, ap); + va_end(ap); + *pos += result; +} + /* * do_who * @@ -438,7 +463,8 @@ static void do_who(struct Client *source_p, struct Client *target_p, struct membership *msptr, struct who_format *fmt) { char status[16]; - char str[512], *p, *end; + char str[510 + 1]; /* linebuf.c will add \r\n */ + size_t pos; const char *q; rb_sprintf(status, "%c%s%s", @@ -454,33 +480,34 @@ do_who(struct Client *source_p, struct Client *target_p, struct membership *mspt else { str[0] = '\0'; - p = str; - end = str + sizeof str; + pos = 0; + append_format(str, sizeof str, &pos, ":%s %d %s", + me.name, RPL_WHOSPCRPL, source_p->name); if (fmt->fields & FIELD_QUERYTYPE) - p += rb_snprintf(p, end - p, " %s", fmt->querytype); + append_format(str, sizeof str, &pos, " %s", fmt->querytype); if (fmt->fields & FIELD_CHANNEL) - p += rb_snprintf(p, end - p, " %s", msptr ? msptr->chptr->chname : "*"); + append_format(str, sizeof str, &pos, " %s", msptr ? msptr->chptr->chname : "*"); if (fmt->fields & FIELD_USER) - p += rb_snprintf(p, end - p, " %s", target_p->username); + append_format(str, sizeof str, &pos, " %s", target_p->username); if (fmt->fields & FIELD_IP) { if (show_ip(source_p, target_p) && !EmptyString(target_p->sockhost) && strcmp(target_p->sockhost, "0")) - p += rb_snprintf(p, end - p, " %s", target_p->sockhost); + append_format(str, sizeof str, &pos, " %s", target_p->sockhost); else - p += rb_snprintf(p, end - p, " %s", "255.255.255.255"); + append_format(str, sizeof str, &pos, " %s", "255.255.255.255"); } if (fmt->fields & FIELD_HOST) - p += rb_snprintf(p, end - p, " %s", target_p->host); + append_format(str, sizeof str, &pos, " %s", target_p->host); if (fmt->fields & FIELD_SERVER) - p += rb_snprintf(p, end - p, " %s", target_p->servptr->name); + append_format(str, sizeof str, &pos, " %s", target_p->servptr->name); if (fmt->fields & FIELD_NICK) - p += rb_snprintf(p, end - p, " %s", target_p->name); + append_format(str, sizeof str, &pos, " %s", target_p->name); if (fmt->fields & FIELD_FLAGS) - p += rb_snprintf(p, end - p, " %s", status); + append_format(str, sizeof str, &pos, " %s", status); if (fmt->fields & FIELD_HOP) - p += rb_snprintf(p, end - p, " %d", ConfigServerHide.flatten_links ? 0 : target_p->hopcount); + append_format(str, sizeof str, &pos, " %d", ConfigServerHide.flatten_links ? 0 : target_p->hopcount); if (fmt->fields & FIELD_IDLE) - p += rb_snprintf(p, end - p, " %d", (int)(MyClient(target_p) ? rb_current_time() - target_p->localClient->last : 0)); + append_format(str, sizeof str, &pos, " %d", (int)(MyClient(target_p) ? rb_current_time() - target_p->localClient->last : 0)); if (fmt->fields & FIELD_ACCOUNT) { /* display as in whois */ @@ -494,12 +521,22 @@ do_who(struct Client *source_p, struct Client *target_p, struct membership *mspt } else q = "0"; - p += rb_snprintf(p, end - p, " %s", q); + append_format(str, sizeof str, &pos, " %s", q); } if (fmt->fields & FIELD_OPLEVEL) - p += rb_snprintf(p, end - p, " %s", is_chanop(msptr) ? "999" : "n/a"); + append_format(str, sizeof str, &pos, " %s", is_chanop(msptr) ? "999" : "n/a"); if (fmt->fields & FIELD_INFO) - p += rb_snprintf(p, end - p, " :%s", target_p->info); - sendto_one_numeric(source_p, RPL_WHOSPCRPL, "%s", str + 1); + append_format(str, sizeof str, &pos, " :%s", target_p->info); + + if (pos >= sizeof str) + { + static int warned = 0; + if (!warned) + sendto_realops_snomask(SNO_DEBUG, L_NETWIDE, + "WHOX overflow while sending information about %s to %s", + target_p->name, source_p->name); + warned = 1; + } + sendto_one(source_p, "%s", str); } }