Diffstat (limited to 'blabouncer.c')
-rw-r--r-- | blabouncer.c | 22 |
1 files changed, 19 insertions, 3 deletions
diff --git a/blabouncer.c b/blabouncer.c
index c9a91aa..3b0a538 100644
--- a/blabouncer.c
+++ b/blabouncer.c
@@ -274,6 +274,11 @@ int processrawstring(SSL *server_ssl, char *str, int source, struct client *clie
 if (*token == '\0') continue; // Skip consecutive matches
 if (messagecount >= MAXTOKENS) break; // Too many tokens
 debugprint(DEBUG_FULL, "String Token: \"%s\", length %zd.\n", token, strlen(token));
+ // Make sure it's not too long
+ if (strlen(token) > MAXDATASIZE - 1) {
+ debugprint(DEBUG_CRIT, "Token too long, discarding.\n");
+ continue;
+ }
 // Copy into the token array (strlen + 1 to get the NULL terminator)
 strncpy(messages[messagecount], token, strlen(token) + 1);
 messagecount++;
@@ -297,7 +302,7 @@ int processrawstring(SSL *server_ssl, char *str, int source, struct client *clie
 // If the final characters of the raw string weren't \r\n then assume the final token is a truncated message
 // Copy to a holding area for continuation next time
 // (Only if source was the server since we always strip \r\n from client messages when recving - TODO - Should we be doing that?
- if ((str[strlen(str)-2] != 13 || str[strlen(str)-1] != 10) && source == SOURCE_SERVER) {
+ if (strlen(str) > 2 && (str[strlen(str)-2] != 13 || str[strlen(str)-1] != 10) && source == SOURCE_SERVER) {
 debugprint(DEBUG_FULL, "processrawstring(): Truncated message detected, storing final token '%s' for later.\n", messages[messagecount - 1]);
 strncpy(ircdstate->currentmsg, messages[messagecount - 1], strlen(messages[messagecount - 1]));
 ircdstate->currentmsg[strlen(messages[messagecount - 1])] = '\0';
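Review bot: The new length check and the `strncpy` two lines below it are bounded by different things: the check uses `MAXDATASIZE - 1`, while the copy's limit is `strlen(token) + 1`, the source length, so the `strncpy` behaves like `strcpy` and the added `if` is the only real bound. That is safe only if each `messages[]` row holds at least `MAXDATASIZE` bytes, which the hunk does not show. If `messages` is a true array in this scope, tying both to the destination keeps them from drifting apart: `if (strlen(token) >= sizeof messages[messagecount])` and `snprintf(messages[messagecount], sizeof messages[messagecount], "%s", token);`. The `DEBUG_CRIT` line would also be more useful with the offending length, e.g. `"Token too long (%zu bytes), discarding.\n"`. The enclosing loop starts and ends outside the hunk.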
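Review bot: The added `strlen(str) > 2` guard stops the `str[strlen(str)-2]` underflow, but the branch still indexes `messages[messagecount - 1]` without checking `messagecount`. With the discard added in the first hunk of this function, an input whose only token is over-long and which does not end in `\r\n` appears to reach this branch with `messagecount == 0`, so the `debugprint` and `strncpy` read index -1; adding `messagecount > 0 &&` to the condition closes that. Separately, `>= 2` is already enough for both indices to be valid. The `strncpy` into `ircdstate->currentmsg` is bounded by the source length, so it relies on `currentmsg` being at least as large as a `messages[]` row, which is not visible here. The rest of the block lies outside the hunk.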
@@ -762,7 +767,7 @@ void dochat(int *serversockfd, int *clientsockfd, struct settings *settings) {
 } else {
 debugprint(DEBUG_FULL, "...previous connection!\n");
 // handle data from a client
- if ((clientnumbytes = sockread(clients[arrindex(clients, i)].ssl, clientbuf, sizeof clientbuf, settings->clienttls)) <= 0) {
+ if ((clientnumbytes = sockread(clients[arrindex(clients, i)].ssl, clientbuf, MAXRCVSIZE - 1, settings->clienttls)) <= 0) {
 // got error or connection closed by client
 if (clientnumbytes == 0) {
 // connection closed
@@ -777,6 +782,16 @@ void dochat(int *serversockfd, int *clientsockfd, struct settings *settings) {
 debugprint(DEBUG_FULL, "bouncer-client: total client connections: %d\n", numclients(clients));
 } else {
 // we got some data from a client
+
+ // Make sure it's not too long
+ if (clientnumbytes > MAXRCVSIZE - 1) {
+ debugprint(DEBUG_CRIT, "bouncer-client: too many bytes received (%d out of a max of %d).\n", clientnumbytes, MAXRCVSIZE - 1);
+ // Clear clientbuf since it's overflowed
+ clientbuf[0] = '\0';
+ // And go back to the top of the loop
+ continue;
+ }
+
 // null terminate that baby
 clientbuf[clientnumbytes] = '\0'; // TODO make sure this can't overrun if some super long line (max bytes?) was received
 // clear up any newlines - TODO - Should we be doing this? If not, we can stop only doing truncation checks for the server in processrawstring().
@@ -1141,8 +1156,9 @@ int main(int argc, char *argv[]) {
 // Create server socket
 int serversockfd;
 if ((serversockfd = createserversocket(settings.ircserver, settings.ircserverport)) == -1) {
+ fprintf(stderr, "main(): Couldn't connect to server, exiting.\n");
 debugprint(DEBUG_CRIT, "main(): Couldn't connect to server, exiting.\n");
- exit(1);
+ exit(EXIT_FAILURE);
 }
 
 // Create client socket (after server so we can use its fd number later as fdmax) |
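Review bot: The read limit in the `sockread()` call is now `MAXRCVSIZE - 1`, which leaves room for the terminator but is no longer tied to the buffer itself. The declaration of `clientbuf` is outside the hunk, so nothing here shows it is `MAXRCVSIZE` bytes. `sizeof clientbuf - 1` gives the same reservation and stays correct if the array size changes, assuming `clientbuf` is an array in this scope, as the removed `sizeof clientbuf` suggests. A short comment such as `// leave one byte for the '\0' written below` would record why the limit is one less than the buffer.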
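Review bot: The new `clientnumbytes > MAXRCVSIZE - 1` test runs after `sockread()` has already written into `clientbuf`, so if it ever fired the out-of-bounds write would already have happened and `clientbuf[0] = '\0'` would not undo it. With the read capped at `MAXRCVSIZE - 1` in the previous hunk, the branch should be unreachable unless `sockread()` can return more than it was asked for, which is not visible here. I would reword `// Clear clientbuf since it's overflowed` to say this is a sanity check on the return value, e.g. `// Should never happen: sockread() was limited to MAXRCVSIZE - 1 bytes`. The `TODO make sure this can't overrun` on the terminator line is now stale and can be dropped. The enclosing loop continues outside the hunk.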