Handle very long lines and very short lines. Print to terminal if we fail to connect to server at startup. Don't print to terminal if sending to a client or to the server fails.

1 files changed, 19 insertions, 3 deletions

diff --git a/blabouncer.c b/blabouncer.c
index c9a91aa..3b0a538 100644
--- a/blabouncer.c
+++ b/blabouncer.c
@@ -274,6 +274,11 @@ int processrawstring(SSL *server_ssl, char *str, int source, struct client *clie
     if (*token == '\0') continue; // Skip consecutive matches
     if (messagecount >= MAXTOKENS) break; // Too many tokens
     debugprint(DEBUG_FULL, "String Token: \"%s\", length %zd.\n", token, strlen(token));
+    // Make sure it's not too long
+    if (strlen(token) > MAXDATASIZE - 1) {
+      debugprint(DEBUG_CRIT, "Token too long, discarding.\n");
+      continue;
+    }
     // Copy into the token array (strlen + 1 to get the NULL terminator)
     strncpy(messages[messagecount], token, strlen(token) + 1);
     messagecount++;
@@ -297,7 +302,7 @@ int processrawstring(SSL *server_ssl, char *str, int source, struct client *clie
   // If the final characters of the raw string weren't \r\n then assume the final token is a truncated message
   // Copy to a holding area for continuation next time
   // (Only if source was the server since we always strip \r\n from client messages when recving - TODO - Should we be doing that?
-  if ((str[strlen(str)-2] != 13 || str[strlen(str)-1] != 10) && source == SOURCE_SERVER) {
+  if (strlen(str) > 2 && (str[strlen(str)-2] != 13 || str[strlen(str)-1] != 10) && source == SOURCE_SERVER) {
     debugprint(DEBUG_FULL, "processrawstring(): Truncated message detected, storing final token '%s' for later.\n", messages[messagecount - 1]);
     strncpy(ircdstate->currentmsg, messages[messagecount - 1], strlen(messages[messagecount - 1]));
     ircdstate->currentmsg[strlen(messages[messagecount - 1])] = '\0';
@@ -762,7 +767,7 @@ void dochat(int *serversockfd, int *clientsockfd, struct settings *settings) {
         } else {
           debugprint(DEBUG_FULL, "...previous connection!\n");
           // handle data from a client
-          if ((clientnumbytes = sockread(clients[arrindex(clients, i)].ssl, clientbuf, sizeof clientbuf, settings->clienttls)) <= 0) {
+          if ((clientnumbytes = sockread(clients[arrindex(clients, i)].ssl, clientbuf, MAXRCVSIZE - 1, settings->clienttls)) <= 0) {
             // got error or connection closed by client
             if (clientnumbytes == 0) {
               // connection closed
@@ -777,6 +782,16 @@ void dochat(int *serversockfd, int *clientsockfd, struct settings *settings) {
             debugprint(DEBUG_FULL, "bouncer-client: total client connections: %d\n", numclients(clients));
           } else {
             // we got some data from a client
+
+            // Make sure it's not too long
+            if (clientnumbytes > MAXRCVSIZE - 1) {
+              debugprint(DEBUG_CRIT, "bouncer-client: too many bytes received (%d out of a max of %d).\n", clientnumbytes, MAXRCVSIZE - 1);
+              // Clear clientbuf since it's overflowed
+              clientbuf[0] = '\0';
+              // And go back to the top of the loop
+              continue;
+            }
+
             // null terminate that baby
             clientbuf[clientnumbytes] = '\0'; // TODO make sure this can't overrun if some super long line (max bytes?) was received
             // clear up any newlines - TODO - Should we be doing this?  If not, we can stop only doing truncation checks for the server in processrawstring().
@@ -1141,8 +1156,9 @@ int main(int argc, char *argv[]) {
   // Create server socket
   int serversockfd;
   if ((serversockfd = createserversocket(settings.ircserver, settings.ircserverport)) == -1) {
+    fprintf(stderr, "main(): Couldn't connect to server, exiting.\n");
     debugprint(DEBUG_CRIT, "main(): Couldn't connect to server, exiting.\n");
-    exit(1);
+    exit(EXIT_FAILURE);
   }
 
   // Create client socket (after server so we can use its fd number later as fdmax)