1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-09 02:43:12 +02:00
Commit Graph

37 Commits

Author SHA1 Message Date
Bram Matthys 704487e124 Fix numerous crash bugs in server to server code.
In 3.2.x we didn't fix these bugs since servers are trusted and
should send correct commands. In 4.0.x we changed this so we would
fix them when we come across such issues at normal priority (not
consider them security issues). I now took it a step further and
actively checked/looked for these issues and a bunch of them were
found. Almost all are NULL pointer dereferences, with some exceptions.
* S2S: MODE: check conv_param return value (NULL ptr crash)
* S2S: MODE: floodprot: More checks (NULL ptr crash)
* S2S: MODE: OOB write of NULL (write NULL past last element in an array)
* S2S: NICK: old compat fixes (NULL ptr crash)
* S2S: PROTOCTL: Check for double SID=
* S2S: SERVER: require at least 3 parameters (NULL ptr crash)
* S2S: SJOIN: require at least 3 parameters (NULL ptr crash)
* S2S: SJOIN: Fix OOB read (read 1 byte past buffer)
* S2S: TKL: validate set_at and expire_at (NULL ptr crash)
* S2S: TKL: require at least 9 parameters for spamf, not 8 (NULL ptr crash)
* S2S: TKL: ignore invalid spamfilter matching type (remove abort() call)
* S2S: TOPIC: querying for topic is not permitted (NULL ptr crash)
* S2S: UID: require 12 parameters (NULL ptr crash)
* S2S: WATCH: this is not a server command (NULL ptr crash)
* Fix OOB read (1 byte beyond string) for timevals. This was reachable
  from config code, TKL (S2S) and /*LINE (Oper). In practice no crash.
* MODE: make code less confusing (effectively no change)
* TRACE: remove strange output in case of 0 lines of output
* Fix unimportant memory leak on boot (#4713, reported by dg)
* Fix small memory leak upon 'DNS i' (oper only command)
* Always work on a copy in clean_ban_mask(). This fixes a bug that could
  result in a strlcpy(buf, buf, sizeof(buf)). So, overlapping strings,
  which is undefined behavior.
2017-10-29 11:20:52 +01:00
Bram Matthys 35c9c08008 Fix crash if TOPIC_NICK_IS_NUHOST is enabled (crash upon TOPIC set by server) 2017-02-03 08:42:16 +01:00
Bram Matthys bf1e1502ba Use #include "unrealircd.h" in all modules (#4516). 2016-03-04 13:02:06 +01:00
Bram Matthys 8b45169f82 Get rid of $Id$ in /MODULE (version) output. Just report as "4.0" 2015-10-11 18:18:31 +02:00
Bram Matthys 2a53499610 Get rid of useless DLLFUNC prefixes (at places where they were not needed) 2015-07-25 20:23:37 +02:00
Bram Matthys fd375ee284 Use CMD_FUNC() everywhere 2015-07-25 20:22:44 +02:00
Bram Matthys bbb121383b Add who-may-execute-this in many CommandAdd()'s. Trying to remove all "unspecified" (0) ones... hopefully I made no mistake in this ;)
Update remote-permission check in ValidatePermissionsForPath to check at least IsOper.. may save us from some serious mistakes ;)
2015-07-12 15:32:11 +02:00
Bram Matthys e8dfb284a1 Replace parv[0] with sptr->name. Don't use parv[0] anymore.
I went through all 500+ of them by hand as to avoid introducing bugs... we'll see ;)
2015-07-10 12:17:05 +02:00
Travis McArthur 2450909c26 Change name of OperEval... 2015-07-09 12:31:45 -07:00
Bram Matthys 60356bd97c typo (l -> L) 2015-07-08 18:06:30 +02:00
Bram Matthys fe14e21175 Update all MOD_TEST/MOD_INIT/MOD_LOAD/MOD_UNLOAD calls to new format 2015-07-08 18:02:19 +02:00
Travis McArthur 108d3eab9d Refactor permissions in m_topic 2015-07-05 12:04:39 -07:00
Travis McArthur 81cba1b12d Remove remaining OPCan*
Updates to default operclasses as well
2015-06-26 11:08:00 -07:00
Travis McArthur df4597b869 Modularize operonly (+O) 2014-06-07 19:37:25 -07:00
Bram Matthys 101d2dd6a3 Big 3.4.x commit containing bug fixes and enhancements. Modularizing
user & channel modes. Fixing Windows build. Etc..
2014-05-11 20:56:02 +02:00
William Pitcock 881d79e5b5 - more UID vs. non-UID translation 2013-05-25 09:52:35 +00:00
William Pitcock afdf5d780a - Replace ircsprintf() with bounds-checking ircsnprintf(), patch from FalconKirtaran. (#4208) 2013-05-21 06:26:52 +00:00
William Pitcock 61fe014771 - Remove sendto_server_butone() and friends, now everything uses sendto_server(). (#4202)
Patch from FalconKirtaran.
2013-05-20 01:21:45 +00:00
William Pitcock b413848524 - TOK_FOO removal pass 2 2013-05-19 21:40:45 +00:00
William Pitcock ca86485927 - Remove token parameter from CommandAdd(). 2013-05-19 21:27:26 +00:00
=?UTF-8?q?Mantas=20Mikul=C4=97nas?= 3e47992755 - Remove remaining uses of sendto_serv_butone_token() from modules.
---
 src/modules/m_chatops.c    | 10 ++++------
 src/modules/m_chghost.c    |  4 ++--
 src/modules/m_chgident.c   |  5 ++---
 src/modules/m_chgname.c    |  4 ++--
 src/modules/m_globops.c    |  4 ++--
 src/modules/m_join.c       | 13 +++++--------
 src/modules/m_kick.c       |  5 ++---
 src/modules/m_mode.c       | 26 ++++++++++++--------------
 src/modules/m_nachat.c     |  4 ++--
 src/modules/m_nick.c       |  4 ++--
 src/modules/m_oper.c       |  9 ++++-----
 src/modules/m_part.c       |  9 ++++-----
 src/modules/m_sajoin.c     |  3 +--
 src/modules/m_sasl.c       | 20 +++++++++++---------
 src/modules/m_sdesc.c      |  3 +--
 src/modules/m_sendsno.c    |  3 +--
 src/modules/m_sethost.c    |  3 +--
 src/modules/m_setident.c   |  3 +--
 src/modules/m_setname.c    |  2 +-
 src/modules/m_svsfline.c   | 15 ++++-----------
 src/modules/m_svskill.c    |  3 +--
 src/modules/m_svsmode.c    | 12 ++++++------
 src/modules/m_svsmotd.c    | 10 ++++------
 src/modules/m_svsnick.c    |  3 +--
 src/modules/m_svsnline.c   | 15 ++++-----------
 src/modules/m_svssilence.c |  2 +-
 src/modules/m_swhois.c     |  3 +--
 src/modules/m_tkl.c        | 10 +++++-----
 src/modules/m_topic.c      | 14 +++++---------
 src/modules/m_vhost.c      | 12 +++++-------
 30 files changed, 97 insertions(+), 136 deletions(-)
2013-05-19 20:36:56 +00:00
William Pitcock 6085877aa7 - Remove TS2ts() and %B usage in formatter strings. Patch from FalconKirtaran (#4197, #4198). 2013-05-19 08:36:49 +00:00
William Pitcock 424d7afba7 - Remove all references to add_Command(). (#3177) 2012-12-26 19:57:35 -06:00
William Pitcock ab5e766d9c - Replace calls to strncpyzt() macro with more secure strlcpy().
This was done using Coccinelle, the semantic patch was:

  @@
  expression src, dst, len;
  @@

  - strncpyzt(src, dst, len);
  + strlcpy(src, dst, len);
2012-11-21 03:22:29 +00:00
stskeeps f3a2d7f6a4 - #0001317 reported by thilo regarding removal of (username) being
appended to topics set by U:Lined servers.
2007-06-15 19:47:26 +00:00
Bram Matthys e1dd8acd72 - Made it so undefining SHOW_SECRET (not the default) properly hides +s channels from ircops
(except netadmins), as it should. Reported and patch supplied by Jason (#0002965).
2006-07-04 10:05:18 +00:00
Bram Matthys 74c38ca2b5 - Made people with can_override able to change the topic again if not chanop and banned/+m-t,
reported by vonitsanet (#0002952).
2006-06-07 10:40:12 +00:00
Bram Matthys abf11b8e66 - Made the "voice needed when channel is +m but -t" actually work, reported by Trystan and
Ron2K (#0002940).
2006-06-01 17:08:12 +00:00
Bram Matthys 4530ee5219 - Made it so if the channel is +m but -t, you need at least voice (+v) to change the topic.
Reported by aquanight (#0002233).
[commit accidently happened earlier btw...]
2006-04-09 20:17:25 +00:00
Bram Matthys eee6d3c8d1 - Local opers may now use /TRACE (local only), suggested by GSF19 (#0002365). 2006-04-09 18:37:38 +00:00
Bram Matthys c9648673fd - Made it so banned users cannot change the topic, suggested by aquanight and Stealth (#2233). 2006-01-16 21:11:48 +00:00
Bram Matthys 364bf0f605 - Fixes for an amd64 crash problem, reported by Peter Laur (OpenBSD.se).
- Redid some net synching code to make it more efficient (#2716).
- Fixed spamfilter crash problem: the action 'viruschan' is now no longer incompatible
  with target 'user'. Reported by Monk (#0002570).
2006-01-06 19:53:41 +00:00
Bram Matthys f535167cf9 - Added 'warn' target which is basically the same as 'block' except it does not block ;).
It also sends a numeric to the user saying the command has been processed, but a copy
  has been sent to ircops. I feel this is a good idea for privacy reasons (anti-spy),
  though I don't know how users will react to this. If you are using this on your network
  and get users bothering you about it (or before that ;p), it's probably a good idea
  to explain it somewhere on your site or FAQ :).
  Example usage:
   /spamfilter add p warn - Testing_mirc_decode_filter \$decode\(.*\)
  [WARNING] The numeric text is likely to change in the next few weeks (early-cvs-commit).
- If a class block was removed and any other blocks would be referencing the class block
  (such as: allow::class, oper::class, link::class), then this would cause a crash.
  Reported by Mike_ (#0002646).
2005-09-25 21:49:19 +00:00
Bram Matthys 1a655c11ca - Added spamfilter topic support ('t' in /spamfilter, or 'topic' in conf), suggested
by Z3l3zT (#0001929).
2005-02-04 01:05:42 +00:00
Bram Matthys a573b29a0f - Fixed a bug in individual m_*.so loading, 39 new modules were affected. 2004-02-23 23:14:05 +00:00
stskeeps 9cfc83d98d Changes 2004-02-17 20:45:03 +00:00
Bram Matthys 01c5b99faa - Added [OLD?] flag in /module so you can easily spot old beta* modules.
- Modulized: samode, sajoin, sapart, kick, topic, invite, list
2004-02-16 22:10:39 +00:00