1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
|
$NetBSD: patch-ai,v 1.1 2003/03/29 21:20:30 salo Exp $
Fixes potential remote buffer overflows. See the following url for more
details: http://securityfocus.com/archive/1/315057
Patch by caf@guarana.org.
--- source/misc.c.orig 2002-03-24 10:31:07.000000000 +0100
+++ source/misc.c 2003-03-29 21:44:37.000000000 +0100
@@ -3110,42 +3110,47 @@
static char result[IRCD_BUFFER_SIZE/4 + 1];
char temphost[BIG_BUFFER_SIZE + 1];
char *host;
+ char *atsign;
if (!hostname)
return NULL;
- host = temphost;
- *result = 0;
- memset(result, 0, sizeof(result));
- memset(temphost, 0, sizeof(temphost));
- if (strchr(hostname, '@'))
- {
- if (*hostname == '~')
- hostname++;
- strcpy(result, hostname);
- *strchr(result, '@') = '\0';
- if (strlen(result) > 9)
- {
+
+ atsign = strchr(hostname, '@');
+ if (atsign) {
+ if (*hostname == '~') {
+ strcpy(result, "~*@");
+ } else {
+ size_t ident_len = atsign - hostname;
+
+ if (ident_len <= 9) {
+ /* copy ident@ */
+ strmcpy(result, hostname, ident_len + 1);
+ } else {
+ strmcpy(result, hostname, 8);
result[8] = '*';
- result[9] = '\0';
+ result[9] = '@';
+ result[10] = '\0';
}
- strcat(result, "@");
- if (!(hostname = strchr(hostname, '@')))
- return NULL;
- hostname++;
}
- strcpy(host, hostname);
+ hostname = atsign + 1;
+ } else {
+ *result = 0;
+ }
- if (*host && isdigit(*(host + strlen(host) - 1)))
+ strlcpy(temphost, hostname, sizeof temphost);
+ host = temphost;
+
+ if (*host && isdigit((unsigned char)*(host + strlen(host) - 1)))
{
/* Thanks icebreak for this small patch which fixes this function */
int i;
char *tmp;
- char count=0;
+ char count = 0;
tmp = host;
- while((tmp-host)<strlen(host))
+ while((tmp - host) < strlen(host))
{
- if((tmp=strchr(tmp,'.'))==NULL)
+ if((tmp = strchr(tmp,'.')) == NULL)
break;
count++;
tmp++;
@@ -3154,8 +3159,8 @@
for (i = 0; i < count; i++)
tmp = strchr(tmp, '.') + 1;
*tmp = '\0';
- strcat(result, host);
- strcat(result, "*");
+ strlcat(result, host, sizeof result);
+ strlcat(result, "*", sizeof result);
}
else
{
@@ -3177,17 +3182,18 @@
else
return (char *) NULL;
}
+
+ /* We don't need strlcat for these first two, because
+ * at this point the maximum length of the string in
+ * result is 10 */
strcat(result, "*");
if (my_stricmp(host, temphost))
strcat(result, ".");
- strcat(result, host);
+ strlcat(result, host, sizeof result);
}
return result;
}
-
-
-
struct _sock_manager
{
int init;
|