Committer : entrope
CVSROOT : /cvsroot/undernet-ircu
Module : ircu2.10
Commit time: 2006-08-03 03:13:41 UTC
Modified files:
ircd/ircd_parser.y ChangeLog
Log message:
Report two kinds of configuration file bugs.
---------------------- diff included ----------------------
Index: ircu2.10/ChangeLog
diff -u ircu2.10/ChangeLog:1.816 ircu2.10/ChangeLog:1.817
--- ircu2.10/ChangeLog:1.816 Thu Jul 27 18:33:52 2006
+++ ircu2.10/ChangeLog Wed Aug 2 20:13:31 2006
@@ -1,3 +1,11 @@
+2006-08-02 Michael Poole <[EMAIL PROTECTED]>
+
+ * ircd/ircd_parser.y (connectblock): Check for too-long password.
+ (operblock): Comment why we don't check password length. Move
+ PRIV_PROPAGATE test earlier (so a buggy edit, rehash, /oper will
+ not crash).
+ (clientblock): Check for too-long password.
+
2006-07-27 Michael Poole <[EMAIL PROTECTED]>
* ircd/send.c (sendcmdto_channels): Do not build serv_mb for local
Index: ircu2.10/ircd/ircd_parser.y
diff -u ircu2.10/ircd/ircd_parser.y:1.69 ircu2.10/ircd/ircd_parser.y:1.70
--- ircu2.10/ircd/ircd_parser.y:1.69 Wed Jul 26 18:06:46 2006
+++ ircu2.10/ircd/ircd_parser.y Wed Aug 2 20:13:31 2006
@@ -17,7 +17,7 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
* USA.
- * $Id: ircd_parser.y,v 1.69 2006/07/27 01:06:46 entrope Exp $
+ * $Id: ircd_parser.y,v 1.70 2006/08/03 03:13:31 entrope Exp $
*/
%{
@@ -514,6 +514,8 @@
parse_error("Missing name in connect block");
else if (pass == NULL)
parse_error("Missing password in connect block");
+ else if (strlen(pass) > PASSWDLEN)
+ parse_error("Password too long in connect block");
else if (host == NULL)
parse_error("Missing host in connect block");
else if (strchr(host, '*') || strchr(host, '?'))
@@ -626,10 +628,14 @@
parse_error("Missing name in operator block");
else if (pass == NULL)
parse_error("Missing password in operator block");
+ /* Do not check password length because it may be crypted. */
else if (host == NULL)
parse_error("Missing host in operator block");
else if (c_class == NULL)
parse_error("Invalid or missing class in operator block");
+ else if (!FlagHas(&privs_dirty, PRIV_PROPAGATE)
+ && !FlagHas(&c_class->privs_dirty, PRIV_PROPAGATE))
+ parse_error("Operator block for %s and class %s have no LOCAL setting",
name, c_class->cc_name);
else {
aconf = make_conf(CONF_OPERATOR);
aconf->name = name;
@@ -638,9 +644,6 @@
aconf->conn_class = c_class;
memcpy(&aconf->privs, &privs, sizeof(aconf->privs));
memcpy(&aconf->privs_dirty, &privs_dirty, sizeof(aconf->privs_dirty));
- if (!FlagHas(&privs_dirty, PRIV_PROPAGATE)
- && !FlagHas(&c_class->privs_dirty, PRIV_PROPAGATE))
- parse_error("Operator block for %s and class %s have no LOCAL setting",
name, c_class->cc_name);
}
if (!aconf) {
MyFree(name);
@@ -794,6 +797,8 @@
;
else if (!c_class)
parse_error("Invalid or missing class in Client block");
+ else if (pass && strlen(pass) > PASSWDLEN)
+ parse_error("Password too long in connect block");
else if (ip && !ipmask_parse(ip, &addr, &addrbits))
parse_error("Invalid IP address %s in Client block", ip);
else {
----------------------- End of diff -----------------------
_______________________________________________
Patches mailing list
[email protected]
http://undernet.sbg.org/mailman/listinfo/patches
