From 8843d4f77d8e829135e2ff9b354990134c58c46a Mon Sep 17 00:00:00 2001 From: Will Storey Date: Sat, 21 Oct 2017 20:00:25 -0700 Subject: Strip : from parameters This is to fix #601. The function used to extract the mode string assumed that ":" would only occur in a particular spot. This lead to the possibility that ":" could be treated as part of things like nicknames or mode arguments, where it should have been stripped as part of protocol escaping. --- src/irc/core/irc.c | 32 ++++++++++++++++++++++++++++++-- src/irc/core/modes.c | 4 ++-- 2 files changed, 32 insertions(+), 4 deletions(-) (limited to 'src/irc/core') diff --git a/src/irc/core/irc.c b/src/irc/core/irc.c index 4dce3fcf..790c7122 100644 --- a/src/irc/core/irc.c +++ b/src/irc/core/irc.c @@ -40,6 +40,8 @@ static int signal_server_incoming; # define MAX_SOCKET_READS 5 #endif +static void strip_params_colon(char *const); + /* The core of the irc_send_cmd* functions. If `raw' is TRUE, the `cmd' won't be checked at all if it's 512 bytes or not, or if it contains line feeds or not. Use with extreme caution! */ @@ -269,8 +271,9 @@ char *event_get_params(const char *data, int count, ...) while (count-- > 0) { str = (char **) va_arg(args, char **); if (count == 0 && rest) { - /* put the rest to last parameter */ - tmp = *datad == ':' ? datad+1 : datad; + /* Put the rest into the last parameter. */ + strip_params_colon(datad); + tmp = datad; } else { tmp = event_get_param(&datad); } @@ -281,6 +284,31 @@ char *event_get_params(const char *data, int count, ...) return duprec; } +/* Given a string containing , strip any colon prefixing . */ +static void strip_params_colon(char *const params) +{ + if (!params) { + return; + } + + char *s = params; + while (*s != '\0') { + if (*s == ':') { + memmove(s, s+1, strlen(s+1)+1); + return; + } + + s = strchr(s, ' '); + if (!s) { + return; + } + + while (*s == ' ') { + s++; + } + } +} + static void irc_server_event(IRC_SERVER_REC *server, const char *line, const char *nick, const char *address) { diff --git a/src/irc/core/modes.c b/src/irc/core/modes.c index cc3d0faf..ecbf2571 100644 --- a/src/irc/core/modes.c +++ b/src/irc/core/modes.c @@ -480,8 +480,8 @@ static void event_user_mode(IRC_SERVER_REC *server, const char *data) static void event_mode(IRC_SERVER_REC *server, const char *data, const char *nick) { - IRC_CHANNEL_REC *chanrec; - char *params, *channel, *mode; + IRC_CHANNEL_REC *chanrec = NULL; + char *params = NULL, *channel = NULL, *mode = NULL; g_return_if_fail(data != NULL); -- cgit v1.2.3