[I sent this patch to this list a little while ago, but I believe there 
were problems with the mail servers somewhere between myself and the 
listserv, so I'm resending it. I apologize if this is a duplicate.]

ircu 2.10.11 currently does not check the length of incoming account
stamps, but rather truncates them to fit. This may cause problems (or at 
least turn an already nasty problem such as misconfigured software into 
a nastier one), because the truncated name may belong to someone else.

I have attached a small patch to m_account.c against u2_10_11_02 that
will check incoming stamps against ACCOUNTLEN and complain through 
wallops about stamps that are too large.

# Zoot
# Developer, GamesNET IRC Network

Index: ChangeLog
===================================================================
RCS file: /cvsroot/undernet-ircu/ircu2.10/ChangeLog,v
retrieving revision 1.290.2.124.2.5
diff -u -r1.290.2.124.2.5 ChangeLog
--- ChangeLog   4 Oct 2002 04:03:53 -0000       1.290.2.124.2.5
+++ ChangeLog   6 Oct 2002 00:23:06 -0000
@@ -1,3 +1,8 @@
+2002-10-05  Zoot <[EMAIL PROTECTED]>
+
+       * ircd/m_account.c (ms_account): check the length of the account;
+       ignore accounts that are too long and send a warning through wallops
+
 2002-09-25  David Mansell  <[EMAIL PROTECTED]>
  
        * ircd/m_burst.c: Fixed list walking bug.
Index: ircd/m_account.c
===================================================================
RCS file: /cvsroot/undernet-ircu/ircu2.10/ircd/m_account.c,v
retrieving revision 1.1.2.2
diff -u -r1.1.2.2 m_account.c
--- ircd/m_account.c    3 Feb 2002 20:31:46 -0000       1.1.2.2
+++ ircd/m_account.c    6 Oct 2002 00:23:06 -0000
@@ -120,6 +120,12 @@
 
   assert(0 == cli_user(acptr)->account[0]);
 
+  if (strlen(parv[2]) > ACCOUNTLEN) {
+    sendwallto_group_butone(&me, WALL_WALLOPS, NULL,
+                            "Received account (%s) longer than %d for %s; ignoring.", 
+parv[2], ACCOUNTLEN, cli_name(acptr));
+    return 0;
+  }
+
   ircd_strncpy(cli_user(acptr)->account, parv[2], ACCOUNTLEN);
   hide_hostmask(acptr, FLAGS_ACCOUNT);
 
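Review bot: the wallops added ahead of the ircd_strncpy call formats parv[2] with a plain %s, so the string that was just rejected for exceeding ACCOUNTLEN is echoed at full length to everyone receiving wallops, and a long enough value may push cli_name(acptr) out of the message if the line is truncated on send. Bound the output, for example with "%.*s" and ACCOUNTLEN as the precision, or report strlen(parv[2]) instead of the string itself. The early "return 0;" also skips the rest of ms_account, so the account stays unset on this server; a short comment stating that this is intended, and whether anything later in the function still needs to run for the message, would help the next reader. Style: the argument line "parv[2], ACCOUNTLEN, cli_name(acptr));" starts in column 0 and the format-string line carries trailing whitespace, which looks like mail wrapping and should be re-indented before commit.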
