philippelh/bitchx
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Truncate DCC port to unsigned short before checking for a privileged port

Browse Source 
Checking before truncation means you can sneak a privileged port past the check.

This change also collects the various broken-out parts of a CTCP DCC offer into a struct so that
it's easier to pass them all around together.
This commit is contained in:
Kevin Easton
2016-11-02 23:58:11 +11:00
parent 23d466c4a1
commit 6cac0e6bb1
4 changed files with 116 additions and 122 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
include/dcc.h
View File

@@ -105,6 +105,20 @@
#define DCC_SSL 0x04000000
#define DCC_STATES 0xffffff00
/* This collects together the various broken-out fields of a
* CTCP DCC offer, because they're passed around as a group.
*/
struct dcc_offer {
char *nick;
char *type;
char *description;
char *address;
char *port;
char *size;
char *extra;
char *userhost;
};
int check_dcc_list (char *);
int dcc_exempt_save (FILE *);
@@ -128,7 +142,7 @@
void dcc_bot_transmit(char *, char *, char *);
void dcc_raw_transmit(char *, char *, char *);
void handle_dcc_offer(char *, char *, char *, char *, char *, char *, char *, char *);
void handle_dcc_offer(struct dcc_offer *);
void dcc_reject(char *, char *, char *);
char *dcc_raw_connect(char *, unsigned short);