repo: ngircd
action: commit
revision: 
path_from: 
revision_from: 6626395c88fc46eeb110942b17eb9245a1d0021b:
path_to: 
revision_to: 

commit 6626395c88fc46eeb110942b17eb9245a1d0021b
Author: Alexander Barton 
Date:   Thu Dec 26 16:48:14 2002 +0000

    - replaced a lot of strcat() calls with strlcat() which is more secure.

diff --git a/src/ngircd/channel.c b/src/ngircd/channel.c

--- a/src/ngircd/channel.c
+++ b/src/ngircd/channel.c
@@ -17,7 +17,7 @@

 #include "portab.h"

-static char UNUSED id[] = "$Id: channel.c,v 1.40 2002/12/26 16:25:43 alex Exp $";
+static char UNUSED id[] = "$Id: channel.c,v 1.41 2002/12/26 16:48:14 alex Exp $";

 #include "imp.h"
 #include 
@@ -494,7 +494,7 @@ Channel_ModeAdd( CHANNEL *Chan, CHAR Mode )
 	if( ! strchr( Chan->modes, x[0] ))
 	{
 		/* Client hat den Mode noch nicht -> setzen */
-		strcat( Chan->modes, x );
+		strlcat( Chan->modes, x, sizeof( Chan->modes ));
 		return TRUE;
 	}
 	else return FALSE;
@@ -547,7 +547,7 @@ Channel_UserModeAdd( CHANNEL *Chan, CLIENT *Client, CHAR Mode )
 	if( ! strchr( cl2chan->modes, x[0] ))
 	{
 		/* Client hat den Mode noch nicht -> setzen */
-		strcat( cl2chan->modes, x );
+		strlcat( cl2chan->modes, x, sizeof( cl2chan->modes ));
 		return TRUE;
 	}
 	else return FALSE;
diff --git a/src/ngircd/client.c b/src/ngircd/client.c

--- a/src/ngircd/client.c
+++ b/src/ngircd/client.c
@@ -17,7 +17,7 @@

 #include "portab.h"

-static char UNUSED id[] = "$Id: client.c,v 1.68 2002/12/26 16:25:43 alex Exp $";
+static char UNUSED id[] = "$Id: client.c,v 1.69 2002/12/26 16:48:14 alex Exp $";

 #include "imp.h"
 #include 
@@ -465,7 +465,7 @@ Client_ModeAdd( CLIENT *Client, CHAR Mode )
 	if( ! strchr( Client->modes, x[0] ))
 	{
 		/* Client hat den Mode noch nicht -> setzen */
-		strcat( Client->modes, x );
+		strlcat( Client->modes, x, sizeof( Client->modes ));
 		return TRUE;
 	}
 	else return FALSE;
diff --git a/src/ngircd/conf.c b/src/ngircd/conf.c

--- a/src/ngircd/conf.c
+++ b/src/ngircd/conf.c
@@ -14,7 +14,7 @@

 #include "portab.h"

-static char UNUSED id[] = "$Id: conf.c,v 1.49 2002/12/26 16:25:43 alex Exp $";
+static char UNUSED id[] = "$Id: conf.c,v 1.50 2002/12/26 16:48:14 alex Exp $";

 #include "imp.h"
 #include 
@@ -178,8 +178,8 @@ Set_Defaults( VOID )
 	strcpy( Conf_ServerAdmin2, "" );
 	strcpy( Conf_ServerAdminMail, "" );

-	strcpy( Conf_MotdFile, SYSCONFDIR );
-	strcat( Conf_MotdFile, MOTD_FILE );
+	strlcpy( Conf_MotdFile, SYSCONFDIR, sizeof( Conf_MotdFile ));
+	strlcat( Conf_MotdFile, MOTD_FILE, sizeof( Conf_MotdFile ));

 	Conf_ListenPorts_Count = 0;

diff --git a/src/ngircd/conn.c b/src/ngircd/conn.c

--- a/src/ngircd/conn.c
+++ b/src/ngircd/conn.c
@@ -14,7 +14,7 @@

 #include "portab.h"

-static char UNUSED id[] = "$Id: conn.c,v 1.107 2002/12/19 04:35:26 alex Exp $";
+static char UNUSED id[] = "$Id: conn.c,v 1.108 2002/12/26 16:48:14 alex Exp $";

 #include "imp.h"
 #include 
@@ -495,7 +495,7 @@ va_dcl
 	if( NGIRCd_Sniffer ) Log( LOG_DEBUG, " -> connection %d: '%s'.", Idx, buffer );
 #endif

-	strcat( buffer, "\r\n" );
+	strlcat( buffer, "\r\n", sizeof( buffer ));
 	ok = Conn_Write( Idx, buffer, strlen( buffer ));
 	My_Connections[Idx].msg_out++;

diff --git a/src/ngircd/irc-info.c b/src/ngircd/irc-info.c

--- a/src/ngircd/irc-info.c
+++ b/src/ngircd/irc-info.c
@@ -14,7 +14,7 @@

 #include "portab.h"

-static char UNUSED id[] = "$Id: irc-info.c,v 1.9 2002/12/22 23:30:33 alex Exp $";
+static char UNUSED id[] = "$Id: irc-info.c,v 1.10 2002/12/26 16:48:14 alex Exp $";

 #include "imp.h"
 #include 
@@ -104,8 +104,8 @@ IRC_ISON( CLIENT *Client, REQUEST *Req )
 			if( c && ( Client_Type( c ) == CLIENT_USER ))
 			{
 				/* Dieser Nick ist "online" */
-				strcat( rpl, ptr );
-				strcat( rpl, " " );
+				strlcat( rpl, ptr, sizeof( rpl ));
+				strlcat( rpl, " ", sizeof( rpl ));
 			}
 			ptr = strtok( NULL, " " );
 		}
@@ -302,8 +302,8 @@ IRC_NAMES( CLIENT *Client, REQUEST *Req )
 		if(( Client_Type( c ) == CLIENT_USER ) && ( Channel_FirstChannelOf( c ) == NULL ) && ( ! strchr( Client_Modes( c ), 'i' )))
 		{
 			/* Okay, das ist ein User: anhaengen */
-			if( rpl[strlen( rpl ) - 1] != ':' ) strcat( rpl, " " );
-			strcat( rpl, Client_ID( c ));
+			if( rpl[strlen( rpl ) - 1] != ':' ) strlcat( rpl, " ", sizeof( rpl ));
+			strlcat( rpl, Client_ID( c ), sizeof( rpl ));

 			if( strlen( rpl ) > ( LINE_LEN - CLIENT_NICK_LEN - 4 ))
 			{
@@ -464,15 +464,15 @@ IRC_USERHOST( CLIENT *Client, REQUEST *Req )
 		if( c && ( Client_Type( c ) == CLIENT_USER ))
 		{
 			/* Dieser Nick ist "online" */
-			strcat( rpl, Client_ID( c ));
-			if( Client_HasMode( c, 'o' )) strcat( rpl, "*" );
-			strcat( rpl, "=" );
-			if( Client_HasMode( c, 'a' )) strcat( rpl, "-" );
-			else strcat( rpl, "+" );
-			strcat( rpl, Client_User( c ));
-			strcat( rpl, "@" );
-			strcat( rpl, Client_Hostname( c ));
-			strcat( rpl, " " );
+			strlcat( rpl, Client_ID( c ), sizeof( rpl ));
+			if( Client_HasMode( c, 'o' )) strlcat( rpl, "*", sizeof( rpl ));
+			strlcat( rpl, "=", sizeof( rpl ));
+			if( Client_HasMode( c, 'a' )) strlcat( rpl, "-", sizeof( rpl ));
+			else strlcat( rpl, "+", sizeof( rpl ));
+			strlcat( rpl, Client_User( c ), sizeof( rpl ));
+			strlcat( rpl, "@", sizeof( rpl ));
+			strlcat( rpl, Client_Hostname( c ), sizeof( rpl ));
+			strlcat( rpl, " ", sizeof( rpl ));
 		}
 	}
 	if( rpl[strlen( rpl ) - 1] == ' ' ) rpl[strlen( rpl ) - 1] = '\0';
@@ -572,7 +572,7 @@ IRC_WHO( CLIENT *Client, REQUEST *Req )
 			{
 				/* Flags zusammenbasteln */
 				strcpy( flags, "H" );
-				if( strchr( Client_Modes( c ), 'o' )) strcat( flags, "*" );
+				if( strchr( Client_Modes( c ), 'o' )) strlcat( flags, "*", sizeof( flags ));

 				/* ausgeben */
 				cl2chan = Channel_FirstChannelOf( c );
@@ -644,10 +644,10 @@ IRC_WHOIS( CLIENT *Client, REQUEST *Req )
 		assert( chan != NULL );

 		/* Channel-Name anhaengen */
-		if( str[strlen( str ) - 1] != ':' ) strcat( str, " " );
-		if( strchr( Channel_UserModes( chan, c ), 'o' )) strcat( str, "@" );
-		else if( strchr( Channel_UserModes( chan, c ), 'v' )) strcat( str, "+" );
-		strcat( str, Channel_Name( chan ));
+		if( str[strlen( str ) - 1] != ':' ) strlcat( str, " ", sizeof( str ));
+		if( strchr( Channel_UserModes( chan, c ), 'o' )) strlcat( str, "@", sizeof( str ));
+		else if( strchr( Channel_UserModes( chan, c ), 'v' )) strlcat( str, "+", sizeof( str ));
+		strlcat( str, Channel_Name( chan ), sizeof( str ));

 		if( strlen( str ) > ( LINE_LEN - CHANNEL_NAME_LEN - 4 ))
 		{
@@ -806,10 +806,10 @@ IRC_Send_NAMES( CLIENT *Client, CHANNEL *Chan )
 		if( is_member || is_visible )
 		{
 			/* Nick anhaengen */
-			if( str[strlen( str ) - 1] != ':' ) strcat( str, " " );
-			if( strchr( Channel_UserModes( Chan, cl ), 'o' )) strcat( str, "@" );
-			else if( strchr( Channel_UserModes( Chan, cl ), 'v' )) strcat( str, "+" );
-			strcat( str, Client_ID( cl ));
+			if( str[strlen( str ) - 1] != ':' ) strlcat( str, " ", sizeof( str ));
+			if( strchr( Channel_UserModes( Chan, cl ), 'o' )) strlcat( str, "@", sizeof( str ));
+			else if( strchr( Channel_UserModes( Chan, cl ), 'v' )) strlcat( str, "+", sizeof( str ));
+			strlcat( str, Client_ID( cl ), sizeof( str ));

 			if( strlen( str ) > ( LINE_LEN - CLIENT_NICK_LEN - 4 ))
 			{
@@ -859,9 +859,9 @@ IRC_Send_WHO( CLIENT *Client, CHANNEL *Chan, BOOLEAN OnlyOps )
 		{
 			/* Flags zusammenbasteln */
 			strcpy( flags, "H" );
-			if( strchr( Client_Modes( c ), 'o' )) strcat( flags, "*" );
-			if( strchr( Channel_UserModes( Chan, c ), 'o' )) strcat( flags, "@" );
-			else if( strchr( Channel_UserModes( Chan, c ), 'v' )) strcat( flags, "+" );
+			if( strchr( Client_Modes( c ), 'o' )) strlcat( flags, "*", sizeof( flags ));
+			if( strchr( Channel_UserModes( Chan, c ), 'o' )) strlcat( flags, "@", sizeof( flags ));
+			else if( strchr( Channel_UserModes( Chan, c ), 'v' )) strlcat( flags, "+", sizeof( flags ));

 			/* ausgeben */
 			if(( ! OnlyOps ) || ( strchr( Client_Modes( c ), 'o' )))
diff --git a/src/ngircd/irc-mode.c b/src/ngircd/irc-mode.c

--- a/src/ngircd/irc-mode.c
+++ b/src/ngircd/irc-mode.c
@@ -14,7 +14,7 @@

 #include "portab.h"

-static char UNUSED id[] = "$Id: irc-mode.c,v 1.24 2002/12/18 14:16:21 alex Exp $";
+static char UNUSED id[] = "$Id: irc-mode.c,v 1.25 2002/12/26 16:48:14 alex Exp $";

 #include "imp.h"
 #include 
@@ -142,7 +142,8 @@ Client_Mode( CLIENT *Client, REQUEST *Req, CLIENT *Origin, CLIENT *Target )
 					else
 					{
 						/* Append modifier character to result string */
-						x[0] = *mode_ptr; strcat( the_modes, x );
+						x[0] = *mode_ptr;
+						strlcat( the_modes, x, sizeof( the_modes ));
 					}
 					if( *mode_ptr == '+' ) set = TRUE;
 					else set = FALSE;
@@ -195,13 +196,13 @@ Client_Mode( CLIENT *Client, REQUEST *Req, CLIENT *Origin, CLIENT *Target )
 		if( set )
 		{
 			/* Set mode */
-			if( Client_ModeAdd( Target, x[0] )) strcat( the_modes, x );
+			if( Client_ModeAdd( Target, x[0] )) strlcat( the_modes, x, sizeof( the_modes ));

 		}
 		else
 		{
 			/* Unset mode */
-			if( Client_ModeDel( Target, x[0] )) strcat( the_modes, x );
+			if( Client_ModeDel( Target, x[0] )) strlcat( the_modes, x, sizeof( the_modes ));
 		}		
 	}
 client_exit:
@@ -305,7 +306,8 @@ Channel_Mode( CLIENT *Client, REQUEST *Req, CLIENT *Origin, CHANNEL *Channel )
 					else
 					{
 						/* Append modifier character to result string */
-						x[0] = *mode_ptr; strcat( the_modes, x );
+						x[0] = *mode_ptr;
+						strlcat( the_modes, x, sizeof( the_modes ));
 					}
 					if( *mode_ptr == '+' ) set = TRUE;
 					else set = FALSE;
@@ -480,8 +482,9 @@ Channel_Mode( CLIENT *Client, REQUEST *Req, CLIENT *Origin, CHANNEL *Channel )
 				/* Channel-User-Mode */
 				if( Channel_UserModeAdd( Channel, client, x[0] ))
 				{
-					strcat( the_args, Client_ID( client ));
-					strcat( the_args, " " ); strcat( the_modes, x );
+					strlcat( the_args, Client_ID( client ), sizeof( the_args ));
+					strlcat( the_args, " ", sizeof( the_args ));
+					strlcat( the_modes, x, sizeof( the_modes ));
 					Log( LOG_DEBUG, "User \"%s\": Mode change on %s, now \"%s\"", Client_Mask( client ), Channel_Name( Channel ), Channel_UserModes( Channel, client ));
 				}
 			}
@@ -490,7 +493,7 @@ Channel_Mode( CLIENT *Client, REQUEST *Req, CLIENT *Origin, CHANNEL *Channel )
 				/* Channel-Mode */
 				if( Channel_ModeAdd( Channel, x[0] ))
 				{
-					strcat( the_modes, x );
+					strlcat( the_modes, x, sizeof( the_modes ));
 					Log( LOG_DEBUG, "Channel %s: Mode change, now \"%s\".", Channel_Name( Channel ), Channel_Modes( Channel ));
 				}
 			}
@@ -503,8 +506,9 @@ Channel_Mode( CLIENT *Client, REQUEST *Req, CLIENT *Origin, CHANNEL *Channel )
 				/* Channel-User-Mode */
 				if( Channel_UserModeDel( Channel, client, x[0] ))
 				{
-					strcat( the_args, Client_ID( client ));
-					strcat( the_args, " " ); strcat( the_modes, x );
+					strlcat( the_args, Client_ID( client ), sizeof( the_args ));
+					strlcat( the_args, " ", sizeof( the_args ));
+					strlcat( the_modes, x, sizeof( the_modes ));
 					Log( LOG_DEBUG, "User \"%s\": Mode change on %s, now \"%s\"", Client_Mask( client ), Channel_Name( Channel ), Channel_UserModes( Channel, client ));
 				}
 			}
@@ -513,7 +517,7 @@ Channel_Mode( CLIENT *Client, REQUEST *Req, CLIENT *Origin, CHANNEL *Channel )
 				/* Channel-Mode */
 				if( Channel_ModeDel( Channel, x[0] ))
 				{
-					strcat( the_modes, x );
+					strlcat( the_modes, x, sizeof( the_modes ));
 					Log( LOG_DEBUG, "Channel %s: Mode change, now \"%s\".", Channel_Name( Channel ), Channel_Modes( Channel ));
 				}
 			}
@@ -522,8 +526,8 @@ Channel_Mode( CLIENT *Client, REQUEST *Req, CLIENT *Origin, CHANNEL *Channel )
 		/* Are there additional arguments to add? */
 		if( argadd[0] )
 		{
-			if( the_args[strlen( the_args ) - 1] != ' ' ) strcat( the_args, " " );
-			strcat( the_args, argadd );
+			if( the_args[strlen( the_args ) - 1] != ' ' ) strlcat( the_args, " ", sizeof( the_args ));
+			strlcat( the_args, argadd, sizeof( the_args ));
 		}
 	}
 chan_exit:
diff --git a/src/ngircd/irc-server.c b/src/ngircd/irc-server.c

--- a/src/ngircd/irc-server.c
+++ b/src/ngircd/irc-server.c
@@ -14,7 +14,7 @@

 #include "portab.h"

-static char UNUSED id[] = "$Id: irc-server.c,v 1.25 2002/12/26 16:25:43 alex Exp $";
+static char UNUSED id[] = "$Id: irc-server.c,v 1.26 2002/12/26 16:48:14 alex Exp $";

 #include "imp.h"
 #include 
@@ -195,10 +195,10 @@ IRC_SERVER( CLIENT *Client, REQUEST *Req )
 				assert( cl != NULL );

 				/* Nick, ggf. mit Modes, anhaengen */
-				if( str[strlen( str ) - 1] != ':' ) strcat( str, "," );
-				if( strchr( Channel_UserModes( chan, cl ), 'v' )) strcat( str, "+" );
-				if( strchr( Channel_UserModes( chan, cl ), 'o' )) strcat( str, "@" );
-				strcat( str, Client_ID( cl ));
+				if( str[strlen( str ) - 1] != ':' ) strlcat( str, ",", sizeof( str ));
+				if( strchr( Channel_UserModes( chan, cl ), 'v' )) strlcat( str, "+", sizeof( str ));
+				if( strchr( Channel_UserModes( chan, cl ), 'o' )) strlcat( str, "@", sizeof( str ));
+				strlcat( str, Client_ID( cl ), sizeof( str ));

 				if( strlen( str ) > ( LINE_LEN - CLIENT_NICK_LEN - 8 ))
 				{
diff --git a/src/ngircd/ngircd.c b/src/ngircd/ngircd.c

--- a/src/ngircd/ngircd.c
+++ b/src/ngircd/ngircd.c
@@ -14,7 +14,7 @@

 #include "portab.h"

-static char UNUSED id[] = "$Id: ngircd.c,v 1.67 2002/12/26 16:25:43 alex Exp $";
+static char UNUSED id[] = "$Id: ngircd.c,v 1.68 2002/12/26 16:48:14 alex Exp $";

 #include "imp.h"
 #include 
@@ -73,8 +73,8 @@ main( int argc, const char *argv[] )
 #ifdef SNIFFER
 	NGIRCd_Sniffer = FALSE;
 #endif
-	strcpy( NGIRCd_ConfFile, SYSCONFDIR );
-	strcat( NGIRCd_ConfFile, CONFIG_FILE );
+	strlcpy( NGIRCd_ConfFile, SYSCONFDIR, sizeof( NGIRCd_ConfFile ));
+	strlcat( NGIRCd_ConfFile, CONFIG_FILE, sizeof( NGIRCd_ConfFile ));

 	/* Kommandozeile parsen */
 	for( i = 1; i < argc; i++ )
@@ -376,12 +376,12 @@ NGIRCd_VersionAddition( VOID )
 	strcat( txt, "IRCPLUS" );
 #endif

-	if( txt[0] ) strcat( txt, "-" );
-	strcat( txt, TARGET_CPU );
-	strcat( txt, "/" );
-	strcat( txt, TARGET_VENDOR );
-	strcat( txt, "/" );
-	strcat( txt, TARGET_OS );
+	if( txt[0] ) strlcat( txt, "-", sizeof( txt ));
+	strlcat( txt, TARGET_CPU, sizeof( txt ));
+	strlcat( txt, "/", sizeof( txt ));
+	strlcat( txt, TARGET_VENDOR, sizeof( txt ));
+	strlcat( txt, "/", sizeof( txt ));
+	strlcat( txt, TARGET_OS, sizeof( txt ));

 	return txt;
 } /* NGIRCd_VersionAddition */
diff --git a/src/ngircd/ngircd.h b/src/ngircd/ngircd.h

--- a/src/ngircd/ngircd.h
+++ b/src/ngircd/ngircd.h
@@ -8,7 +8,7 @@
  * (at your option) any later version.
  * Please read the file COPYING, README and AUTHORS for more information.
  *
- * $Id: ngircd.h,v 1.18 2002/12/19 04:30:00 alex Exp $
+ * $Id: ngircd.h,v 1.19 2002/12/26 16:48:14 alex Exp $
  *
  * Prototypes of the "main module".
  */
@@ -45,7 +45,7 @@ GLOBAL CHAR NGIRCd_DebugLevel[2];	/* Debug-Level fuer IRC_VERSION() */

 GLOBAL CHAR NGIRCd_ConfFile[FNAME_LEN];	/* Konfigurationsdatei */

-GLOBAL CHAR NGIRCd_ProtoID[1024];	/* Protokoll- und Server-Identifikation */
+GLOBAL CHAR NGIRCd_ProtoID[COMMAND_LEN];/* Protokoll- und Server-Identifikation */


 GLOBAL CHAR *NGIRCd_Version PARAMS((VOID ));
diff --git a/src/ngircd/parse.c b/src/ngircd/parse.c

--- a/src/ngircd/parse.c
+++ b/src/ngircd/parse.c
@@ -14,7 +14,7 @@

 #include "portab.h"

-static char UNUSED id[] = "$Id: parse.c,v 1.52 2002/12/18 13:53:20 alex Exp $";
+static char UNUSED id[] = "$Id: parse.c,v 1.53 2002/12/26 16:48:14 alex Exp $";

 #include "imp.h"
 #include 
@@ -363,9 +363,9 @@ Handle_Request( CONN_ID Idx, REQUEST *Req )
 		strcpy( str, Req->command );
 		for( i = 0; i < Req->argc; i++ )
 		{
-			if( i < Req->argc - 1 ) strcat( str, " " );
-			else strcat( str, " :" );
-			strcat( str, Req->argv[i] );
+			if( i < Req->argc - 1 ) strlcat( str, " ", sizeof( str ));
+			else strlcat( str, " :", sizeof( str ));
+			strlcat( str, Req->argv[i], sizeof( str ));
 		}
 		return IRC_WriteStrClientPrefix( target, prefix, "%s", str );
 	}

-----END OF PAGE-----