diff options
author | Luke Bratch <luke@bratch.co.uk> | 2019-05-27 17:25:34 +0100 |
---|---|---|
committer | Luke Bratch <luke@bratch.co.uk> | 2019-05-27 17:25:34 +0100 |
commit | 55f0010f89fe62928b8aef29bfbf73407380ad69 (patch) | |
tree | 03df615aeaa0a85922a510fe9470c06ee3f3366c | |
parent | 3c60bbdb928da1ebcec9153fb199ad740ad41856 (diff) |
Make sure MAXTOKENS being exceeded can't cause a buffer overflow.
-rw-r--r-- | TODO | 2 | ||||
-rw-r--r-- | blabouncer.c | 3 | ||||
-rw-r--r-- | functions.h | 1 |
3 files changed, 3 insertions, 3 deletions
@@ -10,5 +10,3 @@ Add various auto replay options: Might need to #include <limits.h> in blabouncer.c to make some operating systems and/or compilers happy. Reconnect server if we get disconnected for some reason. - -Make sure MAXTOKENS being exceeded can't cause a buffer overflow. diff --git a/blabouncer.c b/blabouncer.c index f8671f5..e958828 100644 --- a/blabouncer.c +++ b/blabouncer.c @@ -606,6 +606,7 @@ int joinautochannels(SSL *server_ssl, struct client *clients, struct settings *s // Split on commas while ((token = strsep(&strcopy, ",")) != NULL) { if (*token == '\0') continue; // Skip consecutive matches + if (counter >= MAXAUTOCHANLEN) break; // Too many tokens printf(" >> Auto channel: '%s', length '%ld'.\n", token, strlen(token)); // Copy into the token array (strlen + 1 to get the NULL terminator) strncpy(tokens[counter], token, strlen(token) + 1); @@ -701,6 +702,7 @@ int processircmessage(SSL *server_ssl, char *str, int source, struct client *cli while ((token = strsep(&strcopy, " ")) != NULL) { if (*token == '\0') continue; // Skip consecutive matches + if (counter >= MAXTOKENS) break; // Too many tokens printf(" >> Message Token: \"%s\", length %zd.\n", token, strlen(token)); // Copy into the token array (strlen + 1 to get the NULL terminator) strncpy(tokens[counter], token, strlen(token) + 1); @@ -1892,6 +1894,7 @@ int processrawstring(SSL *server_ssl, char *str, int source, struct client *clie while ((token = strsep(&strcopy, "\r\n")) != NULL) { if (*token == '\0') continue; // Skip consecutive matches + if (counter >= MAXTOKENS) break; // Too many tokens printf("String Token: \"%s\", length %zd.\n", token, strlen(token)); // Copy into the token array (strlen + 1 to get the NULL terminator) strncpy(messages[messagecount], token, strlen(token) + 1); diff --git a/functions.h b/functions.h index fe1bee8..8fb5145 100644 --- a/functions.h +++ b/functions.h @@ -14,7 +14,6 @@ #include <sys/select.h> #define MAXDATASIZE 513 // max number of bytes we can get at once (RFC2812 says 512, plus one for null terminator) -#define MAXTOKENS 100 // maximum number of (CRLF or space) separated tokens per server response we expect (TODO - check this is reasonable) // getstdin() return codes #define OK 0 |