Fixed string format vulnerability in client entry handling.
[silc.git] / lib / silcclient / client_entry.c
index 64810b75d4fe640e12654280e8d697b74e6f0209..c950bfb283ee032029b1663d0419d383a783b986 100644 (file)
@@ -4,7 +4,7 @@
 
   Author: Pekka Riikonen <priikone@silcnet.org>
 
-  Copyright (C) 2001 - 2007 Pekka Riikonen
+  Copyright (C) 2001 - 2008 Pekka Riikonen
 
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
@@ -801,10 +801,10 @@ SilcClientEntry silc_client_add_client(SilcClient client,
                      client_entry->server, sizeof(client_entry->server));
   if (nickname && client->internal->params->full_nicknames)
     silc_snprintf(client_entry->nickname, sizeof(client_entry->nickname),
-                 nickname);
+                 "%s", nickname);
   else if (nickname)
     silc_snprintf(client_entry->nickname, sizeof(client_entry->nickname),
-                 parsed);
+                 "%s", parsed);
 
   silc_parse_userfqdn(username, client_entry->username,
                      sizeof(client_entry->username),
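Review bot: The return value of `silc_snprintf` is still ignored at both call sites in this hunk, so a nickname longer than `client_entry->nickname` is truncated silently. Assuming it reports the would-be length like snprintf, an ignored truncation could leave the stored name out of step with the string that is normalized later; that is inferred, since the rest of silc_client_add_client lies outside the hunk. The same applies to the `"%s"` calls in the silc_client_update_client and silc_client_nickname_format hunks. I would add a comment above the first call, `/* nickname is supplied by the peer; never pass it as the format string */`. If the `silc_snprintf` prototype does not already carry a printf-style format attribute, adding one lets the compiler's format warnings reject a non-literal format at build time.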
@@ -815,9 +815,9 @@ SilcClientEntry silc_client_add_client(SilcClient client,
                                                 NULL, NULL, NULL, TRUE);
   if (!client_entry->channels) {
     silc_free(client_entry->realname);
-        silc_atomic_uninit32(&client_entry->internal.deleted);
-        silc_atomic_uninit32(&client_entry->internal.refcnt);
-        silc_rwlock_free(client_entry->internal.lock);
+    silc_atomic_uninit32(&client_entry->internal.deleted);
+    silc_atomic_uninit32(&client_entry->internal.refcnt);
+    silc_rwlock_free(client_entry->internal.lock);
     silc_free(client_entry);
     return NULL;
   }
@@ -829,9 +829,9 @@ SilcClientEntry silc_client_add_client(SilcClient client,
     if (!nick) {
       silc_hash_table_free(client_entry->channels);
       silc_free(client_entry->realname);
-          silc_atomic_uninit32(&client_entry->internal.deleted);
-          silc_atomic_uninit32(&client_entry->internal.refcnt);
-          silc_rwlock_free(client_entry->internal.lock);
+      silc_atomic_uninit32(&client_entry->internal.deleted);
+      silc_atomic_uninit32(&client_entry->internal.refcnt);
+      silc_rwlock_free(client_entry->internal.lock);
       silc_free(client_entry);
       return NULL;
     }
@@ -845,9 +845,9 @@ SilcClientEntry silc_client_add_client(SilcClient client,
     silc_free(nick);
     silc_hash_table_free(client_entry->channels);
     silc_free(client_entry->realname);
-        silc_atomic_uninit32(&client_entry->internal.deleted);
-        silc_atomic_uninit32(&client_entry->internal.refcnt);
-        silc_rwlock_free(client_entry->internal.lock);
+    silc_atomic_uninit32(&client_entry->internal.deleted);
+    silc_atomic_uninit32(&client_entry->internal.refcnt);
+    silc_rwlock_free(client_entry->internal.lock);
     silc_free(client_entry);
     silc_mutex_unlock(conn->internal->lock);
     return NULL;
@@ -900,10 +900,10 @@ void silc_client_update_client(SilcClient client,
                        client_entry->server, sizeof(client_entry->server));
     if (client->internal->params->full_nicknames)
       silc_snprintf(client_entry->nickname, sizeof(client_entry->nickname),
-                   nickname);
+                   "%s", nickname);
     else
       silc_snprintf(client_entry->nickname, sizeof(client_entry->nickname),
-                   parsed);
+                   "%s", parsed);
 
     /* Normalize nickname */
     nick = silc_identifier_check(parsed, strlen(parsed),
@@ -1019,10 +1019,10 @@ SilcBool silc_client_del_client(SilcClient client, SilcClientConnection conn,
   if (!client_entry)
     return FALSE;
 
-  SILC_LOG_DEBUG(("Marking client entry %p deleted"));
+  SILC_LOG_DEBUG(("Marking client entry %p deleted", client_entry));
 
   if (silc_atomic_sub_int32(&client_entry->internal.deleted, 1) != 0) {
-    SILC_LOG_DEBUG(("Client entry %p already marked deleted"));
+    SILC_LOG_DEBUG(("Client entry %p already marked deleted", client_entry));
     return FALSE;
   }
 
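Review bot: `%p` is specified for a `void *` argument, but `client_entry` is passed here as a `SilcClientEntry` without a cast. The strictly conforming form is `SILC_LOG_DEBUG(("Marking client entry %p deleted", (void *)client_entry));`, and the same goes for the second call in this hunk and the two calls in the silc_client_del_channel hunk. The old calls supplied no argument for `%p` at all, which suggests the compiler does not format-check what goes through this macro. If the function behind the macro lacks a printf-style format attribute, adding one would catch both a missing argument and a mismatched one. silc_client_del_client begins and continues outside the hunk.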
@@ -1206,7 +1206,7 @@ SilcClientEntry silc_client_nickname_format(SilcClient client,
         return NULL;
 
       silc_snprintf(client_entry->nickname, sizeof(client_entry->nickname),
-                   cp);
+                   "%s", cp);
       silc_free(cp);
     }
 
@@ -1661,7 +1661,7 @@ SilcChannelEntry silc_client_add_channel(SilcClient client,
   if (!channel->channel_name) {
     silc_rwlock_free(channel->internal.lock);
     silc_atomic_uninit32(&channel->internal.refcnt);
-        silc_atomic_uninit32(&channel->internal.deleted);
+    silc_atomic_uninit32(&channel->internal.deleted);
     silc_free(channel);
     return NULL;
   }
@@ -1671,7 +1671,7 @@ SilcChannelEntry silc_client_add_channel(SilcClient client,
   if (!channel->user_list) {
     silc_rwlock_free(channel->internal.lock);
     silc_atomic_uninit32(&channel->internal.refcnt);
-        silc_atomic_uninit32(&channel->internal.deleted);
+    silc_atomic_uninit32(&channel->internal.deleted);
     silc_free(channel->channel_name);
     silc_free(channel);
     return NULL;
@@ -1683,7 +1683,7 @@ SilcChannelEntry silc_client_add_channel(SilcClient client,
   if (!channel_namec) {
     silc_rwlock_free(channel->internal.lock);
     silc_atomic_uninit32(&channel->internal.refcnt);
-        silc_atomic_uninit32(&channel->internal.deleted);
+    silc_atomic_uninit32(&channel->internal.deleted);
     silc_free(channel->channel_name);
     silc_hash_table_free(channel->user_list);
     silc_free(channel);
@@ -1697,7 +1697,7 @@ SilcChannelEntry silc_client_add_channel(SilcClient client,
                        &channel->id, channel)) {
     silc_rwlock_free(channel->internal.lock);
     silc_atomic_uninit32(&channel->internal.refcnt);
-        silc_atomic_uninit32(&channel->internal.deleted);
+    silc_atomic_uninit32(&channel->internal.deleted);
     silc_free(channel_namec);
     silc_free(channel->channel_name);
     silc_hash_table_free(channel->user_list);
@@ -1722,10 +1722,10 @@ SilcBool silc_client_del_channel(SilcClient client, SilcClientConnection conn,
   if (!channel)
     return FALSE;
 
-  SILC_LOG_DEBUG(("Marking channel entry %p deleted"));
+  SILC_LOG_DEBUG(("Marking channel entry %p deleted", channel));
 
   if (silc_atomic_sub_int32(&channel->internal.deleted, 1) != 0) {
-    SILC_LOG_DEBUG(("Channel entry %p already marked deleted"));
+    SILC_LOG_DEBUG(("Channel entry %p already marked deleted", channel));
     return FALSE;
   }
 
@@ -2149,11 +2149,7 @@ SilcBool silc_client_del_server(SilcClient client, SilcClientConnection conn,
     return FALSE;
 
   if (silc_atomic_sub_int32(&server->internal.deleted, 1) != 0)
-  {
-         SILC_LOG_DEBUG(("** WARNING ** Deleting a server twice %p", server));
-//       asm("int3");
-         return FALSE;
-  }
+    return FALSE;
 
   silc_client_unref_server(client, conn, server);
   return TRUE;
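Review bot: After this change silc_client_del_server returns FALSE on a repeated delete without logging anything, while the silc_client_del_client and silc_client_del_channel hunks keep an "already marked deleted" debug line on the same path. A second delete of the same entry usually points to a reference-counting mistake in the caller, so the trace is worth keeping in the shared style. I would keep the braces and put `SILC_LOG_DEBUG(("Server entry %p already marked deleted", server));` before the `return FALSE;`. Dropping the commented-out `asm("int3")` is fine. The start of the function is outside the hunk, so I cannot tell whether a matching "Marking server entry" line exists above.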