From a61ba3d2b90dcbb689b312be0458651488a8f826 Mon Sep 17 00:00:00 2001
From: Luke Bratch
Date: Fri, 6 Sep 2019 20:10:17 +0100
Subject: Change how the received client string length check is done before stripping newlines to avoid a potential buffer underflow.
---
 TODO | 16 ++++++++++++++++
 blabouncer.c | 6 ++----
 2 files changed, 18 insertions(+), 4 deletions(-)
diff --git a/TODO b/TODO
index 580fa95..ea24a8f 100644
--- a/TODO
+++ b/TODO
@@ -3,3 +3,19 @@ Support multiple connect commands.
 Support arrays or similar in the configuration file (for nick(s), connectcommand(s), etc.)
 All the TODOs sprinkled throughout the code!
+
+Use connecting/disconnecting IPs instead of fd numbers in NOTICEs and both in debug.
+
+Option to include date in replay log replay.
+
+(I think) replay log can cause non-existent user to appear in channel (e.g. ~19:00 on 12/08/2019 for me)
+
+Do server operator messages and commands work?
+
+Add BLABOUNCER HELP as a valid command to avoid the unrecognised command error.
+
+(I vaguely recall) some unwanted stuff (channel ban info?) was relayed to another client upon a client connecting.
+
+Change BLABOUNCER REPLAY to be D:H:M instead of D:H:M:S.
+
+PM replay chat in a channel (or perhaps a random channel?) e.g. replay on 06/09/2019 at 17:05 from 13:49 in #insomnia - maybe a client thing.
diff --git a/blabouncer.c b/blabouncer.c
index ecd8d00..e0c41f8 100644
--- a/blabouncer.c
+++ b/blabouncer.c
@@ -826,10 +826,8 @@ void dochat(int *serversockfd, int *clientsockfd, struct settings *settings) {
 clientbuf[clientnumbytes] = '\0'; // TODO make sure this can't overrun if some super long line (max bytes?) was received
 // clear up any newlines - TODO - Should we be doing this? If not, we can stop only doing truncation checks for the server in processrawstring().
 // Only check for newlines if the string length is at least one!
- if (strlen(clientbuf) > 0) {
- while (clientbuf[strlen(clientbuf) - 1] == '\n' || clientbuf[strlen(clientbuf) - 1] == '\r') {
- clientbuf[strlen(clientbuf) - 1] = '\0';
- }
+ while (strlen(clientbuf) > 0 && (clientbuf[strlen(clientbuf) - 1] == '\n' || clientbuf[strlen(clientbuf) - 1] == '\r')) {
+ clientbuf[strlen(clientbuf) - 1] = '\0';
 }
 debugprint(DEBUG_SOME, "BOUNCER-CLIENT RECEIVED: '%s'\n", clientbuf);
-- 
cgit v1.2.3
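Review bot: The write `clientbuf[clientnumbytes] = '\0';` at the top of this hunk is still unchecked, as its own TODO admits; the commit fixes the read underflow in the newline loop but leaves this index alone. If the receive call above the hunk is allowed to fill the whole buffer, the terminator lands one byte past the end, and a negative `clientnumbytes` would index before the start unless that case is handled earlier, which is not visible here. Reserving one byte in the receive length and rejecting a negative `clientnumbytes` before this line would close both cases. In the loop itself, carrying the length in a local, `size_t len = strlen(clientbuf);` then `while (len > 0 && (clientbuf[len - 1] == '\n' || clientbuf[len - 1] == '\r')) clientbuf[--len] = '\0';`, keeps the bound check and the index on the same value and avoids rescanning the string on every test. The body of dochat starts and ends outside the hunk.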