summaryrefslogtreecommitdiff
path: root/blabouncer.c
diff options
context:
space:
mode:
Diffstat (limited to 'blabouncer.c')
-rw-r--r--blabouncer.c22
1 files changed, 19 insertions, 3 deletions
diff --git a/blabouncer.c b/blabouncer.c
index c9a91aa..3b0a538 100644
--- a/blabouncer.c
+++ b/blabouncer.c
@@ -274,6 +274,11 @@ int processrawstring(SSL *server_ssl, char *str, int source, struct client *clie
if (*token == '\0') continue; // Skip consecutive matches
if (messagecount >= MAXTOKENS) break; // Too many tokens
debugprint(DEBUG_FULL, "String Token: \"%s\", length %zd.\n", token, strlen(token));
+ // Make sure it's not too long
+ if (strlen(token) > MAXDATASIZE - 1) {
+ debugprint(DEBUG_CRIT, "Token too long, discarding.\n");
+ continue;
+ }
// Copy into the token array (strlen + 1 to get the NULL terminator)
strncpy(messages[messagecount], token, strlen(token) + 1);
messagecount++;
@@ -297,7 +302,7 @@ int processrawstring(SSL *server_ssl, char *str, int source, struct client *clie
// If the final characters of the raw string weren't \r\n then assume the final token is a truncated message
// Copy to a holding area for continuation next time
// (Only if source was the server since we always strip \r\n from client messages when recving - TODO - Should we be doing that?
- if ((str[strlen(str)-2] != 13 || str[strlen(str)-1] != 10) && source == SOURCE_SERVER) {
+ if (strlen(str) > 2 && (str[strlen(str)-2] != 13 || str[strlen(str)-1] != 10) && source == SOURCE_SERVER) {
debugprint(DEBUG_FULL, "processrawstring(): Truncated message detected, storing final token '%s' for later.\n", messages[messagecount - 1]);
strncpy(ircdstate->currentmsg, messages[messagecount - 1], strlen(messages[messagecount - 1]));
ircdstate->currentmsg[strlen(messages[messagecount - 1])] = '\0';
@@ -762,7 +767,7 @@ void dochat(int *serversockfd, int *clientsockfd, struct settings *settings) {
} else {
debugprint(DEBUG_FULL, "...previous connection!\n");
// handle data from a client
- if ((clientnumbytes = sockread(clients[arrindex(clients, i)].ssl, clientbuf, sizeof clientbuf, settings->clienttls)) <= 0) {
+ if ((clientnumbytes = sockread(clients[arrindex(clients, i)].ssl, clientbuf, MAXRCVSIZE - 1, settings->clienttls)) <= 0) {
// got error or connection closed by client
if (clientnumbytes == 0) {
// connection closed
@@ -777,6 +782,16 @@ void dochat(int *serversockfd, int *clientsockfd, struct settings *settings) {
debugprint(DEBUG_FULL, "bouncer-client: total client connections: %d\n", numclients(clients));
} else {
// we got some data from a client
+
+ // Make sure it's not too long
+ if (clientnumbytes > MAXRCVSIZE - 1) {
+ debugprint(DEBUG_CRIT, "bouncer-client: too many bytes received (%d out of a max of %d).\n", clientnumbytes, MAXRCVSIZE - 1);
+ // Clear clientbuf since it's overflowed
+ clientbuf[0] = '\0';
+ // And go back to the top of the loop
+ continue;
+ }
+
// null terminate that baby
clientbuf[clientnumbytes] = '\0'; // TODO make sure this can't overrun if some super long line (max bytes?) was received
// clear up any newlines - TODO - Should we be doing this? If not, we can stop only doing truncation checks for the server in processrawstring().
@@ -1141,8 +1156,9 @@ int main(int argc, char *argv[]) {
// Create server socket
int serversockfd;
if ((serversockfd = createserversocket(settings.ircserver, settings.ircserverport)) == -1) {
+ fprintf(stderr, "main(): Couldn't connect to server, exiting.\n");
debugprint(DEBUG_CRIT, "main(): Couldn't connect to server, exiting.\n");
- exit(1);
+ exit(EXIT_FAILURE);
}
// Create client socket (after server so we can use its fd number later as fdmax)