Fix some more unsafe substr() calls

All of these require at least a valid login to znc to cause a std::out_of_range
exception; some might not even be exploitable!


git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@2095 726aef4b-f618-498e-8847-2d620e286838
psychon
2010-08-03 10:49:03 +00:00
parent c91d032e6b
commit d0e3572afe
4 changed files with 6 additions and 14 deletions
+1 -1
@@ -88,7 +88,7 @@ void CIRCSock::ReadLine(const CString& sData) {
return;
} else if (sLine.Equals("ERROR ", false, 6)) {
//ERROR :Closing Link: nick[24.24.24.24] (Excess Flood)
CString sError(sLine.substr(7));
CString sError(sLine.substr(6));
if (sError.Left(1) == ":") {
sError.LeftChomp();
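Review bot: The offset in `sLine.substr(6)` is only safe because of the `Equals("ERROR ", false, 6)` test one line above, and nothing at the call site records that dependency. Assuming `Equals()` with a length of 6 matches only when `sLine` holds at least six characters, the offset can never exceed the string size, but a later edit to the prefix or the length argument would silently bring the std::out_of_range back on a line that arrives from the IRC server. I would add `// 6 == strlen("ERROR "); the Equals() check above guarantees that length, so substr(6) cannot throw` above the call. The same comment applies to the identical change in the next file section, the `ReadLine` that logs the disconnect. The body of `CIRCSock::ReadLine` starts and ends outside the hunk.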
+1 -1
@@ -52,7 +52,7 @@ public:
if (sLine.Equals("ERROR ", false, 6)) {
//ERROR :Closing Link: nick[24.24.24.24] (Excess Flood)
//ERROR :Closing Link: nick[24.24.24.24] Killer (Local kill by Killer (reason))
CString sError(sLine.substr(7));
CString sError(sLine.substr(6));
if (sError.Left(1) == ":")
sError.LeftChomp();
Log("[" + m_pUser->GetUserName() + "] disconnected from IRC: " +
+1 -1
@@ -400,7 +400,7 @@ private:
CBlowfish c(m_sPassword, BF_DECRYPT);
sBuffer = c.Crypt(sFile);
if (sBuffer.substr(0, strlen(CRYPT_VERIFICATION_TOKEN)) != CRYPT_VERIFICATION_TOKEN)
if (sBuffer.Left(strlen(CRYPT_VERIFICATION_TOKEN)) != CRYPT_VERIFICATION_TOKEN)
{
// failed to decode :(
PutModule("Unable to decode Encrypted messages");
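Review bot: The comparison against `CRYPT_VERIFICATION_TOKEN` is, as far as this hunk shows, the only check made on the decrypted `sBuffer`, and it should carry a comment saying what it does and does not prove. A matching prefix shows that `m_sPassword` decrypted the start of the file to the expected text; it does not authenticate the rest of the buffer, so a file modified after the token would presumably still be accepted. I would add `// token match only confirms the password; the rest of sBuffer is not integrity-checked` above the `if`. Note also that `substr(0, n)` cannot throw std::out_of_range (position 0 is always valid and the count is clamped), so the switch to `Left()` is a consistency change rather than a fix. The enclosing function starts and ends outside the hunk.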
+3 -11
@@ -154,7 +154,7 @@ public:
virtual void ReadLine(const CS_STRING & sLine)
{
if (sLine.substr(0, 5) == "From ")
if (sLine.Left(5) == "From ")
{
if (!m_sMailBuffer.empty())
{
@@ -168,7 +168,7 @@ public:
void ProcessMail()
{
EmailST tmp;
tmp.sUidl = (char *)CMD5(m_sMailBuffer.substr(0, 255));
tmp.sUidl = (char *)CMD5(m_sMailBuffer.Left(255));
VCString vsLines;
VCString::iterator it;
@@ -200,15 +200,7 @@ private:
void CEmail::OnModCommand(const CString& sCommand)
{
CString::size_type iPos = sCommand.find(" ");
CString sCom, sArgs;
if (iPos == CString::npos)
sCom = sCommand;
else
{
sCom = sCommand.substr(0, iPos);
sArgs = sCommand.substr(iPos + 1, CString::npos);
}
CString sCom = sCommand.Token(0);
if (sCom == "timers")
{
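Review bot: In `ProcessMail()` the UIDL is still the MD5 of only the first 255 bytes of `m_sMailBuffer`, so two messages that share that prefix get the same `sUidl`. `Left(255)` keeps that behaviour and only changes the spelling, since `substr(0, 255)` could not throw. If `sUidl` is what distinguishes one message from another (its use is not visible here), hash the whole buffer with `tmp.sUidl = (char *)CMD5(m_sMailBuffer);`, or at least document the limit with `// UIDL covers the first 255 bytes only; mails sharing that prefix collide`. The other two hunks in this file also replace calls that could not throw. In `OnModCommand` the result may differ for a command with a leading space, if `Token(0)` skips leading separators where the old code produced an empty `sCom`. Both function bodies continue outside their hunks.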