From 05cf540a99125dbac65f0b79e5d280f4759487e2 Mon Sep 17 00:00:00 2001
From: Kevin Easton
Date: Tue, 23 Jun 2015 15:53:30 +1000
Subject: [PATCH] Fix use of uninitialised variable and hostmask matching logic in userhost_unban()
Initialise ip_str so that it isn't used uninitialised. Don't strip server flags from user@ portion of the hostmask, so that it will not miss matching bans. Switch ip_str from alloca() to malloc_sprintf() / new_free() - there's no particular need for alloca() here.
---
 Changelog | 3 +++
 source/banlist.c | 16 +++++-----------
 2 files changed, 8 insertions(+), 11 deletions(-)
diff --git a/Changelog b/Changelog
index 0995900..fdff436 100644
--- a/Changelog
+++ b/Changelog
@@ -1,5 +1,8 @@
 [Changes 1.2.2]
+* Fix potential crash in /unban, and change it so that it correctly matches
+ the user@ portion of the hostmask.
+
 * Clean up the build by fixing up the (unsigned char *) / (char *) mismatches that the compiler warns about. (caf)
diff --git a/source/banlist.c b/source/banlist.c
index c141358..055ba42 100644
--- a/source/banlist.c
+++ b/source/banlist.c
@@ -302,7 +302,7 @@ void userhost_unban(UserhostItem *stuff, char *nick1, char *args)
 BanList *bans;
 WhowasList *whowas;
 NickList *n = NULL;
- char *tmp, *channel, *ip_str, *host = NULL;
+ char *channel, *ip_str = NULL, *host = NULL;
 int count = 0, old_server = from_server;
 if (!stuff || !stuff->nick || !nick1 || !strcmp(stuff->user, "") || my_stricmp(stuff->nick, nick1))
@@ -322,10 +322,7 @@ void userhost_unban(UserhostItem *stuff, char *nick1, char *args)
 return;
 }
 else
- {
- tmp = clear_server_flags(stuff->user);
- malloc_sprintf(&host, "%s!%s@%s",stuff->nick, tmp, stuff->host);
- }
+ malloc_sprintf(&host, "%s!%s@%s",stuff->nick, stuff->user, stuff->host);
 channel = next_arg(args, &args);
 if (args && *args)
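Review bot: The new `malloc_sprintf(&host, "%s!%s@%s", ...)` line in the `else` branch formats `stuff->user` and `stuff->host` with `%s`, but the only guard visible in this patch (the first banlist.c hunk) NULL-checks `stuff`, `stuff->nick` and `nick1` and passes `stuff->user` straight to `strcmp()`. If either field can be NULL in a UserhostItem (presumably filled from a server reply), that is undefined behaviour; confirm they are always set or extend the guard with `!stuff->user || !stuff->host ||` ahead of the `strcmp`. Because the mask now keeps the server flags on purpose, a short comment such as `/* user@ keeps its server flags so existing bans are not missed */` would stop a later cleanup from re-adding clear_server_flags(). The function body starts before and continues after this hunk.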
@@ -341,12 +338,8 @@ void userhost_unban(UserhostItem *stuff, char *nick1, char *args)
 if (!n)
 n = find_nicklist_in_channellist(stuff->nick, chan, 0);
 if (n && n->ip)
- {
- size_t len = strlen(n->nick)+strlen(n->host)+strlen(n->ip)+10;
- ip_str = alloca(len);
- *ip_str = 0;
- strmopencat(ip_str, len, stuff->nick, "!", stuff->user, "@", n->ip, NULL);
- }
+ malloc_sprintf(&ip_str, "%s!%s@%s", stuff->nick, stuff->user, n->ip);
+
 for (bans = chan->bans; bans; bans = bans->next)
 {
 if (!bans->sent_unban && (wild_match(bans->ban, host) || (ip_str && wild_match(bans->ban, ip_str))) )
@@ -361,6 +354,7 @@ void userhost_unban(UserhostItem *stuff, char *nick1, char *args)
 if (!count)
 bitchsay("No match for Unban of %s on %s", nick1, args);
 new_free(&host);
+ new_free(&ip_str);
 from_server = old_server;
 }
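Review bot: `ip_str` is now heap-allocated, so every path that leaves the function after `malloc_sprintf(&ip_str, ...)` must reach the `new_free(&ip_str)` added in the last hunk; with alloca() an early return was harmless, now it would leak. The lines between this hunk and the final one are not shown, so check the ban loop for `return`s, and confirm that `new_free()` accepts a pointer to NULL, since `ip_str` stays NULL whenever `n->ip` is unset. If this block can run more than once per call (the enclosing code is outside the hunk), also confirm that `malloc_sprintf()` releases a previous `*ip_str` instead of overwriting it. A comment on the allocation, e.g. `/* same mask with the IP in place of the hostname; freed at function exit */`, would document the ownership.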