diff options
| author | Luke Bratch <luke@bratch.co.uk> | 2019-05-18 17:03:07 +0100 |
|---|---|---|
| committer | Luke Bratch <luke@bratch.co.uk> | 2019-05-18 17:03:07 +0100 |
| commit | fe27073f78cd198d7029a8e81494858d602d8bde (patch) | |
| tree | 466344419d315b7e54972e4179fbcfedd3fa9a19 | |
| parent | 4cd965884ae9a9e9738818eca11af9ba9aa792d4 (diff) | |
Avoid some buffer overruns.
| -rw-r--r-- | blabouncer.c | 22 |
1 files changed, 19 insertions, 3 deletions
diff --git a/blabouncer.c b/blabouncer.c index 775ccce..cbab56b 100644 --- a/blabouncer.c +++ b/blabouncer.c @@ -133,7 +133,11 @@ int arrindex(struct client *clients, int clientfd) { } // Send whatever string to a specific client by providing the FD -int sendtoclient(int fd, char *str, struct client *clients, struct settings *settings) { +int sendtoclient(int fd, char *strsrc, struct client *clients, struct settings *settings) { + // Copy to new string for passing to appendcrlf() to avoid overrun in appendcrlf() + char str[MAXDATASIZE]; + strcpy(str, strsrc); + appendcrlf(str); // Do this just before sending so callers don't need to worry about it int i = 0; @@ -185,10 +189,14 @@ int disconnectclient(int fd, struct client *clients) { // "except" is used to send to all clients _except_ the fd provided (except = 0 (EXCEPT_NONE) avoids this, i.e. sends to all) // "except" is really the "sourcefd" and is also used as part of the authentication check - this is messy and they should perhaps be two separate arguments. // TODO - is passing str_len useful if we're appendcrlfing and then using strlen(str) in the send? I guess not... (As long as we're always null terminated in the correct place.) -int sendtoallclients(struct client *clients, char *str, int except, struct settings *settings) { +int sendtoallclients(struct client *clients, char *strsrc, int except, struct settings *settings) { char *sendertype; + // Copy to new string for passing to appendcrlf() to avoid overrun in appendcrlf() + char str[MAXDATASIZE]; + strcpy(str, strsrc); + appendcrlf(str); // Do this just before sending so callers don't need to worry about it // Decide what sort of text to prefix the debug output with @@ -243,7 +251,11 @@ int sendtoallclients(struct client *clients, char *str, int except, struct setti // Client FD and arrays needed to make sure anything relayed from a client is from an authenticated client. // clientfd of "0" means trusted, used when we are sending things ourselves that weren't relayed // from a real client. -int sendtoserver(SSL *server_ssl, char *str, int str_len, int clientfd, struct client *clients, struct settings *settings) { +int sendtoserver(SSL *server_ssl, char *strsrc, int str_len, int clientfd, struct client *clients, struct settings *settings) { + // Copy to new string for passing to appendcrlf() to avoid overrun in appendcrlf() + char str[MAXDATASIZE]; + strcpy(str, strsrc); + appendcrlf(str); // Do this just before sending so callers don't need to worry about it str_len = strlen(str); // Recalculate str_len in case it changed (TODO: so do we even need to pass it to this function?) @@ -1305,6 +1317,10 @@ void dochat(int *serversockfd, int *clientsockfd, struct settings *settings) { // Struct of channels we're in struct channel *channels; channels = malloc(sizeof(struct channel) * MAXCHANNELS); + // Set initial channel names to empty strings + for (int i = 0; i < MAXCHANNELS; i++) { + channels[i].name[0] = '\0'; + } // =============================================> // OpenSSL context for client side (that clients connect to) (need to create this whether or not using TLS as it is referenced later) |