Committer : entrope
CVSROOT : /cvsroot/undernet-ircu
Module : ircu2.10
Branch tags: u2_10_12_branch
Commit time: 2006-08-03 03:05:12 UTC
Modified files:
Tag: u2_10_12_branch
ircd/ircd_parser.y ChangeLog
Log message:
Report two kinds of configuration file bugs.
---------------------- diff included ----------------------
Index: ircu2.10/ChangeLog
diff -u ircu2.10/ChangeLog:1.710.2.121 ircu2.10/ChangeLog:1.710.2.122
--- ircu2.10/ChangeLog:1.710.2.121 Wed Aug 2 20:01:45 2006
+++ ircu2.10/ChangeLog Wed Aug 2 20:05:02 2006
@@ -1,5 +1,13 @@
2006-08-02 Michael Poole <[EMAIL PROTECTED]>
+ * ircd/ircd_parser.y (connectblock): Check for too-long password.
+ (operblock): Comment why we don't check password length. Move
+ PRIV_PROPAGATE test earlier (so a buggy edit, rehash, /oper will
+ not crash).
+ (clientblock): Check for too-long password.
+
+2006-08-02 Michael Poole <[EMAIL PROTECTED]>
+
* include/channel.h (struct Ban): Fix typo in doxygen comment.
2006-07-09 Michael Poole <[EMAIL PROTECTED]>
Index: ircu2.10/ircd/ircd_parser.y
diff -u ircu2.10/ircd/ircd_parser.y:1.56.2.6
ircu2.10/ircd/ircd_parser.y:1.56.2.7
--- ircu2.10/ircd/ircd_parser.y:1.56.2.6 Fri Jun 30 12:54:35 2006
+++ ircu2.10/ircd/ircd_parser.y Wed Aug 2 20:05:02 2006
@@ -17,7 +17,7 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
* USA.
- * $Id: ircd_parser.y,v 1.56.2.6 2006/06/30 19:54:35 entrope Exp $
+ * $Id: ircd_parser.y,v 1.56.2.7 2006/08/03 03:05:02 entrope Exp $
*/
%{
@@ -420,6 +420,8 @@
parse_error("Missing name in connect block");
else if (pass == NULL)
parse_error("Missing password in connect block");
+ else if (strlen(pass) > PASSWDLEN)
+ parse_error("Password too long in connect block");
else if (host == NULL)
parse_error("Missing host in connect block");
else if (strchr(host, '*') || strchr(host, '?'))
@@ -521,10 +523,14 @@
parse_error("Missing name in operator block");
else if (pass == NULL)
parse_error("Missing password in operator block");
+ /* Do not check password length because it may be crypted. */
else if (host == NULL)
parse_error("Missing host in operator block");
else if (c_class == NULL)
parse_error("Invalid or missing class in operator block");
+ else if (!FlagHas(&privs_dirty, PRIV_PROPAGATE)
+ && !FlagHas(&c_class->privs_dirty, PRIV_PROPAGATE))
+ parse_error("Operator block for %s and class %s have no LOCAL setting",
name, c_class->cc_name);
else {
aconf = make_conf(CONF_OPERATOR);
aconf->name = name;
@@ -533,9 +539,6 @@
aconf->conn_class = c_class;
memcpy(&aconf->privs, &privs, sizeof(aconf->privs));
memcpy(&aconf->privs_dirty, &privs_dirty, sizeof(aconf->privs_dirty));
- if (!FlagHas(&privs_dirty, PRIV_PROPAGATE)
- && !FlagHas(&c_class->privs_dirty, PRIV_PROPAGATE))
- parse_error("Operator block for %s and class %s have no LOCAL setting",
name, c_class->cc_name);
}
if (!aconf) {
MyFree(name);
@@ -685,6 +688,8 @@
if (!c_class)
parse_error("Invalid or missing class in Client block");
+ else if (pass && strlen(pass) > PASSWDLEN)
+ parse_error("Password too long in connect block");
else if (ip && !ipmask_parse(ip, &addr, &addrbits))
parse_error("Invalid IP address %s in Client block", ip);
else {
----------------------- End of diff -----------------------
_______________________________________________
Patches mailing list
[email protected]
http://undernet.sbg.org/mailman/listinfo/patches
