Fixed CUMODE mode->mode character conversion buffer overflow.

author Pekka Riikonen <priikone@silcnet.org>

Thu, 27 Jun 2002 17:04:17 +0000 (17:04 +0000)

committer Pekka Riikonen <priikone@silcnet.org>

Thu, 27 Jun 2002 17:04:17 +0000 (17:04 +0000)
author Pekka Riikonen <priikone@silcnet.org>
Thu, 27 Jun 2002 17:04:17 +0000 (17:04 +0000)
committer Pekka Riikonen <priikone@silcnet.org>
Thu, 27 Jun 2002 17:04:17 +0000 (17:04 +0000)
diff --git a/CHANGES b/CHANGES

index 201c1f2bb08c236197840445399892542d68c4c5..c0b18f0a43a028016ae85a4f6689334dcb0270f0 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,9 @@
+Thu Jun 27 20:07:27 EEST 2002 Pekka Riikonen <priikone@silcnet.org>
+
+       * Buffer overflow with CUMODE command's mode->mode character
+         conversion.  Reported by Ville Räsänen.  Affected file
+         lib/silcutil/silcutil.c.
+
  Thu Jun 27 16:54:33 EEST 2002 Pekka Riikonen <priikone@silcnet.org>
  
         * Allow heartbeat packets to go disabled connections anyway.
diff --git a/apps/silcd/server.c b/apps/silcd/server.c

index 34f7b9ba34d39d3ecc2f96cb104c2290b4669a4e..b0ec5cacc015e844917d26f61387586ae81685f4 100644 (file)
--- a/apps/silcd/server.c
+++ b/apps/silcd/server.c
@@ -3707,7 +3707,6 @@ SilcChannelEntry silc_server_save_channel_key(SilcServer server,
        if (!channel) {
         SILC_LOG_ERROR(("Received key for non-existent channel %s",
                         silc_id_render(id, SILC_ID_CHANNEL)));
-       assert(FALSE);
         goto out;
        }
      }
diff --git a/lib/silcutil/silcutil.c b/lib/silcutil/silcutil.c

index 8bc4e2c32a736c0f788e67067ba1e752b422d176..74d51702c1d308a83c900c3d1453faa9d83214fe 100644 (file)
--- a/lib/silcutil/silcutil.c
+++ b/lib/silcutil/silcutil.c
@@ -653,11 +653,15 @@ char *silc_client_chmode(SilcUInt32 mode, const char *cipher, const char *hmac)
    if (mode & SILC_CHANNEL_MODE_SILENCE_OPERS)
      strncat(string, "M", 1);
  
-  if (mode & SILC_CHANNEL_MODE_CIPHER)
-    strncat(string, cipher, strlen(cipher));
+  if (mode & SILC_CHANNEL_MODE_CIPHER) {
+    if (strlen(cipher) + strlen(string) < sizeof(string))
+      strncat(string, cipher, strlen(cipher));
+  }
  
-  if (mode & SILC_CHANNEL_MODE_HMAC)
-    strncat(string, hmac, strlen(hmac));
+  if (mode & SILC_CHANNEL_MODE_HMAC) {
+    if (strlen(hmac) + strlen(string) < sizeof(string))
+      strncat(string, hmac, strlen(hmac));
+  }
  
    /* Rest of mode is ignored */
  
@@ -668,7 +672,7 @@ char *silc_client_chmode(SilcUInt32 mode, const char *cipher, const char *hmac)
  
  char *silc_client_chumode(SilcUInt32 mode)
  {
-  char string[4];
+  char string[64];
  
    if (!mode)
      return NULL;
@@ -700,7 +704,7 @@ char *silc_client_chumode(SilcUInt32 mode)
  
  char *silc_client_chumode_char(SilcUInt32 mode)
  {
-  char string[4];
+  char string[64];
  
    if (!mode)
      return NULL;
author	Pekka Riikonen <priikone@silcnet.org>
	Thu, 27 Jun 2002 17:04:17 +0000 (17:04 +0000)
committer	Pekka Riikonen <priikone@silcnet.org>
	Thu, 27 Jun 2002 17:04:17 +0000 (17:04 +0000)
CHANGES		patch \| blob \| history
apps/silcd/server.c		patch \| blob \| history
lib/silcutil/silcutil.c		patch \| blob \| history