head 1.6; access; symbols OPENPKG_E1_MP_HEAD:1.4 OPENPKG_E1_MP:1.4 OPENPKG_E1_MP_2_STABLE:1.2.6.1 OPENPKG_E1_FP:1.2.6.1 OPENPKG_2_STABLE_MP:1.4 OPENPKG_2_STABLE_20061018:1.2.6.1 OPENPKG_2_STABLE_20060622:1.2 OPENPKG_2_STABLE:1.2.0.6 OPENPKG_2_STABLE_BP:1.2 OPENPKG_2_5_RELEASE:1.2 OPENPKG_2_5_SOLID:1.2.0.4 OPENPKG_2_5_SOLID_BP:1.2 OPENPKG_2_4_RELEASE:1.2 OPENPKG_2_4_SOLID:1.2.0.2 OPENPKG_2_4_SOLID_BP:1.2 OPENPKG_2_3_RELEASE:1.1 OPENPKG_2_3_SOLID:1.1.0.12 OPENPKG_2_3_SOLID_BP:1.1 OPENPKG_2_2_RELEASE:1.1 OPENPKG_2_2_SOLID:1.1.0.10 OPENPKG_2_2_SOLID_BP:1.1 OPENPKG_2_1_RELEASE:1.1 OPENPKG_2_1_SOLID:1.1.0.8 OPENPKG_2_1_SOLID_BP:1.1 OPENPKG_2_0_RELEASE:1.1 OPENPKG_2_0_SOLID:1.1.0.6 OPENPKG_2_0_SOLID_BP:1.1 OPENPKG_1_1_SOLID:1.1.0.4 OPENPKG_1_2_SOLID:1.1.0.2; locks; strict; comment @# @; 1.6 date 2009.02.19.22.44.16; author rse; state Exp; branches; next 1.5; commitid jsCCrNyoR1Yv56Dt; 1.5 date 2008.04.08.16.47.43; author rse; state Exp; branches; next 1.4; commitid Lhru1r0xbrXVikYs; 1.4 date 2006.07.22.15.31.52; author rse; state Exp; branches; next 1.3; commitid uGjKv6JcdPYs0SFr; 1.3 date 2006.07.15.15.02.49; author rse; state Exp; branches; next 1.2; commitid aiLlLK24NDXr4YEr; 1.2 date 2005.06.04.21.15.47; author rse; state Exp; branches 1.2.6.1; next 1.1; 1.1 date 2003.03.19.13.57.05; author thl; state dead; branches 1.1.2.1 1.1.4.1; next ; 1.2.6.1 date 2006.10.16.14.51.19; author rse; state Exp; branches; next ; commitid iZxwRSmmWscPXUQr; 1.1.2.1 date 2003.03.19.13.57.05; author thl; state Exp; branches; next ; 1.1.4.1 date 2003.03.19.13.59.49; author thl; state Exp; branches; next ; desc @@ 1.6 log @upgrading package: ircii 20080314 -> 20081115 @ text @Index: include/whois.h --- include/whois.h.orig 2004-01-06 09:14:08 +0100 +++ include/whois.h 2009-02-19 23:40:50 +0100 @@@@ -42,6 +42,7 @@@@ void whois_name(u_char *, u_char **); void whowas_name(u_char *, u_char **); void whois_channels(u_char *, u_char **); + void whois_loggedinas(u_char *, u_char **); void whois_server(u_char *, u_char **); void whois_oper(u_char *, u_char **); void whois_lastcom(u_char *, u_char **); Index: source/numbers.c --- source/numbers.c.orig 2004-01-08 00:30:00 +0100 +++ source/numbers.c 2009-02-19 23:40:50 +0100 @@@@ -506,6 +506,10 @@@@ funny_mode(from, ArgList); break; + case 330: /* #define RPL_WHOISLOGGEDIN 330 */ + whois_loggedinas(from, ArgList); + break; + case 341: /* #define RPL_INVITING 341 */ invite(from, ArgList); break; Index: source/whois.c --- source/whois.c.orig 2006-07-22 05:50:10 +0200 +++ source/whois.c 2009-02-19 23:40:50 +0100 @@@@ -541,6 +541,28 @@@@ } /* + * whois_server: Called in numbers.c when a numeric of 330 is received. + * Ratbox IRC sends ":%s 330 %s %s %s :is logged in as" with args + * me.name, data->client->name, data->target->name, data->target->user->suser + */ +void +whois_loggedinas(from, ArgList) + u_char *from; + u_char **ArgList; +{ + if (!ignore_whois_crap) { + u_char *nick, *user; + PasteArgs(ArgList, 2); + if ((nick = ArgList[0]) && (user = ArgList[1]) && + do_hook(current_numeric, "%s %s %s %s", from, + nick, user, ArgList[2])) { + put_it("%s %s is logged in as %s", numeric_banner(), + nick, user); + } + } +} + +/* * whois_oper: This displays the operator status of a user, as returned by * numeric 313 from the server. If the ignore_whois_crap flag is set, * nothing is dispayed. @ 1.5 log @upgrading package: ircii 20060725 -> 20080314 @ text @d3 1 a3 1 +++ include/whois.h 2008-04-08 18:43:44 +0200 d14 1 a14 1 +++ source/numbers.c 2008-04-08 18:43:44 +0200 d28 1 a28 1 +++ source/whois.c 2008-04-08 18:43:44 +0200 @ 1.4 log @upgrading package: ircii 20060705 -> 20060721 @ text @d3 1 a3 1 +++ include/whois.h 2006-07-22 16:46:49 +0200 d14 1 a14 1 +++ source/numbers.c 2006-07-22 16:46:49 +0200 d28 1 a28 1 +++ source/whois.c 2006-07-22 16:46:49 +0200 @ 1.3 log @upgrading package: ircii 20040820 -> 20060705 @ text @d3 1 a3 1 +++ include/whois.h 2006-07-15 16:55:44 +0200 a11 12 Index: source/irc.c --- source/irc.c.orig 2006-07-06 02:24:29 +0200 +++ source/irc.c 2006-07-15 17:00:30 +0200 @@@@ -32,7 +32,7 @@@@ * SUCH DAMAGE. */ -#define IRCII_VERSION "20050705" /* YYYYMMDD */ +#define IRCII_VERSION "20060705" /* YYYYMMDD */ #include "irc.h" IRCII_RCSID("@@(#)$eterna: irc.c,v 1.294 2006/07/06 00:24:29 mrg Exp $"); d14 1 a14 1 +++ source/numbers.c 2006-07-15 16:55:44 +0200 d27 2 a28 2 --- source/whois.c.orig 2006-07-06 02:05:53 +0200 +++ source/whois.c 2006-07-15 16:55:44 +0200 @ 1.2 log @Allow ircII to decode the 330/RPL_WHOISLOGGEDIN (which Ratbox IRCd sends if someone is logged in to USERSERV) response as ' is logged in as ' instead of ' is logged in as' @ text @d3 1 a3 1 +++ include/whois.h 2005-06-04 20:38:58 +0200 d12 12 d26 1 a26 1 +++ source/numbers.c 2005-06-04 20:38:38 +0200 d39 2 a40 2 --- source/whois.c.orig 2004-01-08 00:30:00 +0100 +++ source/whois.c 2005-06-04 23:02:06 +0200 @ 1.2.6.1 log @Mass merge from CURRENT to 2-STABLE (all packages except those of JUNK class) @ text @d3 1 a3 1 +++ include/whois.h 2006-07-22 16:46:49 +0200 d14 1 a14 1 +++ source/numbers.c 2006-07-22 16:46:49 +0200 d27 2 a28 2 --- source/whois.c.orig 2006-07-22 05:50:10 +0200 +++ source/whois.c 2006-07-22 16:46:49 +0200 @ 1.1 log @file ircii.patch was initially added on branch OPENPKG_1_2_SOLID. @ text @d1 57 @ 1.1.4.1 log @OpenPKG-SA-2003.024-ircii @ text @a0 786 From: Timo Sirainen Subject: Buffer overflows in ircII-based clients Date: 14 Mar 2003 00:17:55 +0200 Message-ID: <1047593874.20734.12.camel@@hurina> ircii 20020912 1) [sample IRC commands] overflows ctcp_buffer [...] 2) cannot_join_channel() allows writing [...] past buffer in stack [...] 3) Statusbar drawing has several buffer overflows. [...] 4) Some of the other my_strcat() calls may overflow buffer [...] ircii-20030313 fixes these. This patch was created by extracting differences from vendor sources by the openpkg-security@@openpkg.org team. It can be applied to ircii-20020403 and ircii-20021103. --- ircii-20021103/source/alias.c Wed Sep 4 18:56:40 2002 +++ ircii-20030315/source/alias.c Thu Mar 13 12:34:27 2003 @@@@ -2923,10 +2923,10 @@@@ if ((Client->flags & (DCC_CHAT|DCC_ACTIVE)) == (DCC_CHAT|DCC_ACTIVE)) { if (notfirst) - my_strcat(result, ","); + my_strmcat(result, ",", len); else notfirst = 1; - my_strcat(result, Client->user); + my_strmcat(result, Client->user, len); } return (result); @@@@ -3419,10 +3419,10 @@@@ for (nicks = chan->nicks; nicks; nicks = nicks->next) { if (notfirst) - my_strcat(result, " "); + my_strmcat(result, " ", len); else notfirst = 1; - my_strcat(result, nicks->nick); + my_strmcat(result, nicks->nick, len); } return (result); --- ircii-20021103/source/ctcp.c Tue Sep 3 04:39:30 2002 +++ ircii-20030315/source/ctcp.c Thu Mar 13 12:34:27 2003 @@@@ -606,7 +606,7 @@@@ if (messages > 3) break; *(cmd++) = '\0'; - my_strcat(ctcp_buffer, str); + my_strmcat(ctcp_buffer, str, BIG_BUFFER_SIZE); if ((end = my_index(cmd, CTCP_DELIM_CHAR)) != NULL) { messages++; @@@@ -631,7 +631,7 @@@@ ptr = ctcp_cmd[i].func(&ctcp_cmd[i], from, to, arg_copy); if (ptr) { - my_strcat(ctcp_buffer, ptr); + my_strmcat(ctcp_buffer, ptr, BIG_BUFFER_SIZE); new_free(&ptr); } } @@@@ -678,7 +678,7 @@@@ } else { - my_strcat(ctcp_buffer, CTCP_DELIM_STR); + my_strmcat(ctcp_buffer, CTCP_DELIM_STR, BIG_BUFFER_SIZE); str = cmd; } } @@@@ -759,7 +759,7 @@@@ *CTCP_Reply_Buffer = '\0'; } if (*str) - my_strcat(ctcp_buffer, str); + my_strmcat(ctcp_buffer, str, BIG_BUFFER_SIZE); return (ctcp_buffer); } @@@@ -791,7 +791,7 @@@@ while ((cmd = my_index(str, CTCP_DELIM_CHAR)) != NULL) do_new_notice_ctcp(from, to, &str, cmd); in_ctcp_flag = 0; - my_strcat(ctcp_buffer, str); + my_strmcat(ctcp_buffer, str, BIG_BUFFER_SIZE); return (ctcp_buffer); } @@@@ -812,7 +812,7 @@@@ flags = 0; *(cmd++) = '\0'; - my_strcat(ctcp_buffer, *str); + my_strmcat(ctcp_buffer, *str, BIG_BUFFER_SIZE); if ((end = my_index(cmd, CTCP_DELIM_CHAR)) != NULL) { *(end++) = '\0'; @@@@ -825,7 +825,7 @@@@ { if ((ptr = ctcp_cmd[i].func(&(ctcp_cmd[i]), from, to, arg_copy)) != NULL) { - my_strcat(ctcp_buffer, ptr); + my_strmcat(ctcp_buffer, ptr, BIG_BUFFER_SIZE); new_free(&ptr); flags = ctcp_cmd[i].flag; } @@@@ -866,7 +866,7 @@@@ } else { - my_strcat(ctcp_buffer, CTCP_DELIM_STR); + my_strmcat(ctcp_buffer, CTCP_DELIM_STR, BIG_BUFFER_SIZE); *str = cmd; } } --- ircii-20021103/source/dcc.c Tue Sep 10 15:04:56 2002 +++ ircii-20030315/source/dcc.c Thu Mar 13 12:34:27 2003 @@@@ -844,7 +847,7 @@@@ } if (IS_ABSOLUTE_PATH(filename)) { - my_strcpy(FileBuf, filename); + my_strmcpy(FileBuf, filename, BIG_BUFFER_SIZE); } else if (*filename == '~') { @@@@ -853,14 +856,14 @@@@ yell("Unable to expand %s", filename); return; } - my_strcpy(FileBuf, fullname); + my_strmcpy(FileBuf, fullname, BIG_BUFFER_SIZE); new_free(&fullname); } else { getcwd(CP(FileBuf), sizeof(FileBuf)); - my_strcat(FileBuf, "/"); - my_strcat(FileBuf, filename); + my_strmcat(FileBuf, "/", BIG_BUFFER_SIZE); + my_strmcat(FileBuf, filename, BIG_BUFFER_SIZE); } if (0 != access(CP(FileBuf), R_OK)) { --- ircii-20021103/source/edit.c Thu Oct 31 13:06:38 2002 +++ ircii-20030315/source/edit.c Thu Mar 13 12:34:27 2003 @@@@ -1282,7 +1282,7 @@@@ *(s - 1) = '\0'; else n--; - my_strcpy(buffer, t); + my_strmcpy(buffer, t, BIG_BUFFER_SIZE); t = s; if (userhost_cmd) @@@@ -1735,11 +1735,11 @@@@ u_char *dest; u_char *msg; { - u_char buffer[BIG_BUFFER_SIZE]; + u_char buffer[BIG_BUFFER_SIZE+1]; - my_strcpy(buffer, dest); - my_strcat(buffer, " "); - my_strcat(buffer, msg); + my_strmcpy(buffer, dest, BIG_BUFFER_SIZE); + my_strmcat(buffer, " ", BIG_BUFFER_SIZE); + my_strmcat(buffer, msg, BIG_BUFFER_SIZE); e_privmsg("PRIVMSG", buffer, NULL); } @@@@ -2223,11 +2227,11 @@@@ { if (*nick_list) { - my_strcat(nick_list, ","); - my_strcat(nick_list, nick); + my_strmcat(nick_list, ",", IRCD_BUFFER_SIZE); + my_strmcat(nick_list, nick, IRCD_BUFFER_SIZE); } else - my_strcpy(nick_list, nick); + my_strmcpy(nick_list, nick, IRCD_BUFFER_SIZE); } do_final_send = 1; } @@@@ -2265,11 +2269,11 @@@@ { if (*nick_list) { - my_strcat(nick_list, ","); - my_strcat(nick_list, nick); + my_strmcat(nick_list, ",", IRCD_BUFFER_SIZE); + my_strmcat(nick_list, nick, IRCD_BUFFER_SIZE); } else - my_strcpy(nick_list, nick); + my_strmcpy(nick_list, nick, IRCD_BUFFER_SIZE); } if (get_int_var(WARN_OF_IGNORES_VAR) && (is_ignored(nick, IGNORE_MSGS) == IGNORED)) --- ircii-20021103/source/funny.c Thu Aug 29 12:26:38 2002 +++ ircii-20030315/source/funny.c Thu Mar 13 12:34:27 2003 @@@@ -124,7 +124,6 @@@@ int i; u_char buffer1[BIG_BUFFER_SIZE]; u_char buffer2[BIG_BUFFER_SIZE]; - u_char *ptr; if (!wide_list) return; @@@@ -141,16 +140,13 @@@@ { snprintf(CP(buffer2), sizeof buffer2, "%s(%d) ", wide_list[i]->channel, wide_list[i]->users); - ptr = my_index(buffer1, '\0'); if (my_strlen(buffer1) + my_strlen(buffer2) > current_screen->co - 5) { if (do_hook(WIDELIST_LIST, "%s", buffer1)) say("%s", buffer1); *buffer1 = '\0'; - my_strcat(buffer1, buffer2); } - else - my_strcpy(ptr, buffer2); + my_strmcat(buffer1, buffer2, BIG_BUFFER_SIZE); } if (*buffer1 && do_hook(WIDELIST_LIST, "%s", buffer1)) say("%s" , buffer1); @@@@ -184,7 +180,7 @@@@ (u_char) last_width, (u_char) last_width); else - my_strcpy(format, "*** %s\t%-5s %s"); + my_strmcpy(format, "*** %s\t%-5s %s", sizeof format); } channel = ArgList[0]; user_cnt = ArgList[1]; @@@@ -279,7 +275,7 @@@@ (u_char) last_width, (u_char) last_width); else - my_strcpy(format, "%s: %s\t%s"); + my_strmcpy(format, "%s: %s\t%s", sizeof format); } ptr = line; for (cnt = -1; ptr; cnt++) --- ircii-20021103/source/help.c Fri Oct 4 06:50:26 2002 +++ ircii-20030315/source/help.c Thu Mar 13 12:34:27 2003 @@@@ -552,7 +552,7 @@@@ u_char *arg_z = (u_char *) 0; #endif /* ZCAT */ - my_strcpy(help_topic_list, topics); + my_strmcpy(help_topic_list, topics, BIG_BUFFER_SIZE); #ifdef DAEMON_UID if (DAEMON_UID == getuid()) @@@@ -726,10 +726,10 @@@@ } if (stat_buf.st_mode & S_IFDIR) { - my_strcpy(path, tmp); + my_strmcpy(path, tmp, BIG_BUFFER_SIZE); if (*help_topic_list) - my_strcat(help_topic_list, " "); - my_strcat(help_topic_list, namelist[0]->d_name); + my_strmcat(help_topic_list, " ", BIG_BUFFER_SIZE); + my_strmcat(help_topic_list, namelist[0]->d_name, BIG_BUFFER_SIZE); if ((this_arg = next_arg(args, &args)) == (u_char *) 0) { @@@@ -758,7 +758,7 @@@@ } default: help_show_directory = 1; - my_strcpy(paused_topic, help_topic_list); + my_strmcpy(paused_topic, help_topic_list, sizeof paused_topic); help_pause_add_line("*** %s choices:", help_topic_list); *buffer = (u_char) 0; cnt = 0; --- ircii-20021103/source/ignore.c Wed Mar 20 18:03:15 2002 +++ ircii-20030315/source/ignore.c Thu Mar 13 12:34:27 2003 @@@@ -106,7 +106,7 @@@@ Ignore *new; char *msg; u_char *ptr; - u_char buffer[BIG_BUFFER_SIZE]; + u_char buffer[BIG_BUFFER_SIZE+1]; while (nick) { @@@@ -197,25 +197,25 @@@@ } else if (type) { - my_strcpy(buffer, msg); + my_strmcpy(buffer, msg, BIG_BUFFER_SIZE); if (type & IGNORE_MSGS) - my_strcat(buffer, " MSGS"); + my_strmcat(buffer, " MSGS", BIG_BUFFER_SIZE); if (type & IGNORE_PUBLIC) - my_strcat(buffer, " PUBLIC"); + my_strmcat(buffer, " PUBLIC", BIG_BUFFER_SIZE); if (type & IGNORE_WALLS) - my_strcat(buffer, " WALLS"); + my_strmcat(buffer, " WALLS", BIG_BUFFER_SIZE); if (type & IGNORE_WALLOPS) - my_strcat(buffer, " WALLOPS"); + my_strmcat(buffer, " WALLOPS", BIG_BUFFER_SIZE); if (type & IGNORE_INVITES) - my_strcat(buffer, " INVITES"); + my_strmcat(buffer, " INVITES", BIG_BUFFER_SIZE); if (type & IGNORE_NOTICES) - my_strcat(buffer, " NOTICES"); + my_strmcat(buffer, " NOTICES", BIG_BUFFER_SIZE); if (type & IGNORE_NOTES) - my_strcat(buffer, " NOTES"); + my_strmcat(buffer, " NOTES", BIG_BUFFER_SIZE); if (type & IGNORE_CTCPS) - my_strcat(buffer, " CTCPS"); + my_strmcat(buffer, " CTCPS", BIG_BUFFER_SIZE); if (type & IGNORE_CRAP) - my_strcat(buffer, " CRAP"); + my_strmcat(buffer, " CRAP", BIG_BUFFER_SIZE); say("%s from %s", buffer, new->nick); } if ((new->type == 0) && (new->high == 0)) --- ircii-20021103/source/ircaux.c Thu Sep 12 08:28:12 2002 +++ ircii-20030315/source/ircaux.c Thu Mar 13 12:34:27 2003 @@@@ -1160,7 +1164,7 @@@@ if ((ptr = my_index(path, ':')) != NULL) #endif /* __MSDOS */ *(ptr++) = '\0'; - my_strcpy(lbuf, empty_string); + lbuf[0] = 0; if (path[0] == '~') { my_strmcat(lbuf, my_path, BIG_BUFFER_SIZE); --- ircii-20021103/source/names.c Sun Sep 8 07:09:46 2002 +++ ircii-20030315/source/names.c Sat Mar 15 05:53:54 2003 @@@@ -954,13 +958,13 @@@@ { ChannelList *tmp; u_char *value = (u_char *) 0; - u_char buffer[BIG_BUFFER_SIZE]; + u_char buffer[BIG_BUFFER_SIZE+1]; *buffer = '\0'; for (tmp = server_list[window->server].chan_list; tmp; tmp = tmp->next) { - my_strcat(buffer, tmp->channel); - my_strcat(buffer, " "); + my_strmcat(buffer, tmp->channel, BIG_BUFFER_SIZE); + my_strmcat(buffer, " ", BIG_BUFFER_SIZE); } malloc_strcpy(&value, buffer); --- ircii-20021103/source/notice.c Tue Sep 3 04:39:31 2002 +++ ircii-20030315/source/notice.c Fri Dec 6 15:33:17 2002 @@@@ -388,7 +388,7 @@@@ else if ((c = server[strlen(server) - 1]) == ',' || c == '.') server[strlen(server) - 1] = '\0'; #endif /* BROKEN_SCANF */ - server_list[parsing_server_index].attempting_to_connect--; + server_list[parsing_server_index].attempting_to_connect = 0; set_server_motd(parsing_server_index, 1); server_is_connected(parsing_server_index, 1); if ((s = my_index(server, '[')) != NULL) --- ircii-20021103/source/notify.c Thu Aug 29 12:26:41 2002 +++ ircii-20030315/source/notify.c Thu Mar 13 12:34:27 2003 @@@@ -228,8 +228,8 @@@@ if (count >= location && count < location + 40) { c2++; - my_strcat(buf, " "); - my_strcat(buf, tmp->nick); + my_strmcat(buf, " ", BIG_BUFFER_SIZE); + my_strmcat(buf, tmp->nick, BIG_BUFFER_SIZE); } } if (c2) --- ircii-20021103/source/numbers.c Sat Sep 7 09:19:45 2002 +++ ircii-20030315/source/numbers.c Thu Mar 13 12:34:28 2003 @@@@ -307,7 +277,7 @@@@ **ArgList; { u_char *chan; - u_char buffer[BIG_BUFFER_SIZE]; + u_char buffer[BIG_BUFFER_SIZE + 1]; if (ArgList[0]) chan = ArgList[0]; @@@@ -322,23 +292,23 @@@@ PasteArgs(ArgList, 0); if (do_hook(current_numeric, "%s %s", from, *ArgList)) { - my_strcpy(buffer, ArgList[0]); + my_strmcpy(buffer, ArgList[0], BIG_BUFFER_SIZE); switch(-current_numeric) { case 471: - my_strcat(buffer, " (Channel is full)"); + my_strmcat(buffer, " (Channel is full)", BIG_BUFFER_SIZE); break; case 473: - my_strcat(buffer, " (Invite only channel)"); + my_strmcat(buffer, " (Invite only channel)", BIG_BUFFER_SIZE); break; case 474: - my_strcat(buffer, " (Banned from channel)"); + my_strmcat(buffer, " (Banned from channel)", BIG_BUFFER_SIZE); break; case 475: - my_strcat(buffer, " (Bad channel key)"); + my_strmcat(buffer, " (Bad channel key)", BIG_BUFFER_SIZE); break; case 476: - my_strcat(buffer, " (Bad channel mask)"); + my_strmcat(buffer, " (Bad channel mask)", BIG_BUFFER_SIZE); break; } put_it("%s %s", numeric_banner(), buffer); --- ircii-20021103/source/server.c Fri Sep 6 18:04:38 2002 +++ ircii-20030315/source/server.c Thu Mar 13 12:34:28 2003 @@@@ -2299,14 +2284,14 @@@@ { int i; u_char *value = (u_char *) 0; - u_char buffer[BIG_BUFFER_SIZE]; + u_char buffer[BIG_BUFFER_SIZE+1]; *buffer = '\0'; for (i = 0; i < number_of_servers; i++) if (server_list[i].read != -1) { - my_strcat(buffer, get_server_itsname(i)); - my_strcat(buffer, " "); + my_strmcat(buffer, get_server_itsname(i), BIG_BUFFER_SIZE); + my_strmcat(buffer, " ", BIG_BUFFER_SIZE); } malloc_strcpy(&value, buffer); --- ircii-20021103/source/status.c Sat Oct 12 14:41:43 2002 +++ ircii-20030315/source/status.c Sat Mar 15 06:26:46 2003 @@@@ -81,6 +81,7 @@@@ static void status_make_printable _((u_char *, int)); static void alarm_switch _((int)); static u_char *convert_sub_format _((u_char *, int)); +static void make_status_one _((Window *, int, int)); /* * Maximum number of "%" expressions in a status line format. If you change @@@@ -671,12 +672,7 @@@@ make_status(window) Window *window; { - int i, len, k, l, - RJustifyPos = -1, - RealPosition; - u_char lbuf[BIG_BUFFER_SIZE + 1]; - u_char *func_value[MAX_FUNCTIONS]; - int final; + int k, l, final; switch (window->double_status) { case -1: @@@@ -704,143 +700,155 @@@@ l = 0; if (!dumb && status_format[l]) + make_status_one(window, k, l); + } +out: + cursor_to_input(); +} + +static void +make_status_one(window, k, l) + Window *window; + int k; + int l; +{ + u_char lbuf[BIG_BUFFER_SIZE + 1]; + u_char *func_value[MAX_FUNCTIONS]; + size_t len; + int i, + RJustifyPos = -1, + RealPosition; + + /* + * XXX: note that this code below depends on the definition + * of MAX_FUNCTIONS (currently 33), and the snprintf must + * be updated if MAX_FUNCTIONS is changed. + */ + for (i = 0; i < MAX_FUNCTIONS; i++) + func_value[i] = (status_func[l][i]) (window); + lbuf[0] = REV_TOG; + snprintf(CP(lbuf+1), sizeof(lbuf) - 1, CP(status_format[l]), + func_value[0], func_value[1], func_value[2], + func_value[3], func_value[4], func_value[5], + func_value[6], func_value[7], func_value[8], + func_value[9], func_value[10], func_value[11], + func_value[12], func_value[13], func_value[14], + func_value[15], func_value[16], func_value[17], + func_value[18], func_value[19], func_value[20], + func_value[21], func_value[22], func_value[23], + func_value[24], func_value[25], func_value[26], + func_value[27], func_value[28], func_value[29], + func_value[30], func_value[31], func_value[32]); + for (i = 0; i < MAX_FUNCTIONS; i++) + new_free(&(func_value[i])); + + /* Patched 26-Mar-93 by Aiken + * make_window now right-justifies everything + * after a %> + * it's also more efficient. + */ + + RealPosition = 0; + RJustifyPos = -1; + for (i = 0; lbuf[i]; i++) + /* formfeed is a marker for left/right border*/ + if (lbuf[i] == '\f') + RJustifyPos = i; + else if (lbuf[i] != REV_TOG + && lbuf[i] != UND_TOG + && lbuf[i] != ALL_OFF + && lbuf[i] != BOLD_TOG) { - /* - * XXX: note that this code below depends on the definition - * of MAX_FUNCTIONS (currently 33), and the snprintf must - * be updated if MAX_FUNCTIONS is changed. - */ - for (i = 0; i < MAX_FUNCTIONS; i++) - func_value[i] = (status_func[l][i]) (window); - lbuf[0] = REV_TOG; - snprintf(CP(lbuf+1), sizeof(lbuf) - 1, CP(status_format[l]), - func_value[0], func_value[1], func_value[2], - func_value[3], func_value[4], func_value[5], - func_value[6], func_value[7], func_value[8], - func_value[9], func_value[10], func_value[11], - func_value[12], func_value[13], func_value[14], - func_value[15], func_value[16], func_value[17], - func_value[18], func_value[19], func_value[20], - func_value[21], func_value[22], func_value[23], - func_value[24], func_value[25], func_value[26], - func_value[27], func_value[28], func_value[29], - func_value[30], func_value[31],func_value[32]); - for (i = 0; i < MAX_FUNCTIONS; i++) - new_free(&(func_value[i])); - - /* Patched 26-Mar-93 by Aiken - * make_window now right-justifies everything - * after a %> - * it's also more efficient. - */ - - RealPosition = 0; - RJustifyPos = -1; - for (i = 0; lbuf[i]; i++) - /* formfeed is a marker for left/right border*/ - if (lbuf[i] == '\f') - { - RJustifyPos = i; - } - else if (lbuf[i] != REV_TOG - && lbuf[i] != UND_TOG - && lbuf[i] != ALL_OFF - && lbuf[i] != BOLD_TOG) - { - if (RealPosition == current_screen->co) - { - lbuf[i] = '\0'; - break; - } - RealPosition++; - } - - /* note that i points to the nul, - RealPosition is vis.chars */ - - if (RJustifyPos == -1) - { - RJustifyPos = i; - } - else + if (RealPosition == current_screen->co) { - /* get rid of the marker */ - my_strcpy(&lbuf[RJustifyPos], - &lbuf[RJustifyPos+1]); - i--; - } - - if (get_int_var(FULL_STATUS_LINE_VAR)) - { - int diff; - u_char c; - - if (RJustifyPos == 0) - c = ' '; - else - c = lbuf[RJustifyPos - 1]; - - diff = current_screen->co - RealPosition; - - for ( ; i >= RJustifyPos; i--) - lbuf[i + diff] = lbuf[i]; - - for (i++ ; diff > 0 ; diff--, i++) - lbuf[i] = c; + lbuf[i] = '\0'; + break; } + RealPosition++; + } + + /* note that i points to the nul, RealPosition is vis.chars */ + if (RJustifyPos == -1) + RJustifyPos = i; + else + { + /* get rid of the marker */ + my_strcpy(&lbuf[RJustifyPos], + &lbuf[RJustifyPos+1]); + i--; + } + + /* don't adjust the status bar if it is full already */ + if (RealPosition < current_screen->co) + { + if (get_int_var(FULL_STATUS_LINE_VAR)) + { + int diff; + u_char c; - len = my_strlen(lbuf); - lbuf[len] = ALL_OFF; - lbuf[len+1] = '\0'; + if (RJustifyPos == 0) + c = ' '; + else + c = lbuf[RJustifyPos - 1]; - status_make_printable(lbuf, len); + /* + * does this work when the right justified position + * has non-printable characters (eg UNG_TOG)? + */ + diff = current_screen->co - RealPosition; - /* - * Thanks to Max Bell (mbell@@cie.uoregon.edu) for info about TVI - * terminals and the sg terminal capability - */ - RealPosition = 0; - if (window->status_line[k] && (SG == -1)) - { - for (i = 0; lbuf[i] && window->status_line[k][i]; i++) - { - if ((u_char) lbuf[i] != window->status_line[k][i]) - break; - if (lbuf[i] != REV_TOG - && lbuf[i] != UND_TOG - && lbuf[i] != ALL_OFF - && lbuf[i] != BOLD_TOG) - RealPosition++; - } - } - else - i = 0; + for ( ; i >= RJustifyPos; i--) + lbuf[i + diff] = lbuf[i]; - if ((len = my_strlen(lbuf + i)) - || lbuf[i] || window->status_line[k] - || window->status_line[k][i]) - { - Screen *old_current_screen; - - old_current_screen = current_screen; - set_current_screen(window->screen); - term_move_cursor(RealPosition, window->bottom - + k); -/* - term_move_cursor(RealPosition, window->bottom - + k - window->double_status); -*/ - output_line(lbuf, NULL, i); - cursor_in_display(); - if (term_clear_to_eol()) - term_space_erase(len); - malloc_strcpy(&window->status_line[k], lbuf); - set_current_screen(old_current_screen); - } + for (i++ ; diff > 0 ; diff--, i++) + lbuf[i] = c; } } -out: - cursor_to_input(); + + len = my_strlen(lbuf); + if (len > (BIG_BUFFER_SIZE - 1)) + len = BIG_BUFFER_SIZE - 1; + lbuf[len] = ALL_OFF; + lbuf[len+1] = '\0'; + + status_make_printable(lbuf, len); + + /* + * Thanks to Max Bell (mbell@@cie.uoregon.edu) for info + * about TVI terminals and the sg terminal capability + */ + RealPosition = 0; + if (window->status_line[k] && (SG == -1)) + { + for (i = 0; lbuf[i] && window->status_line[k][i]; i++) + { + if ((u_char) lbuf[i] != window->status_line[k][i]) + break; + if (lbuf[i] != REV_TOG + && lbuf[i] != UND_TOG + && lbuf[i] != ALL_OFF + && lbuf[i] != BOLD_TOG) + RealPosition++; + } + } + else + i = 0; + + if ((len = my_strlen(lbuf + i)) || lbuf[i] || + window->status_line[k] || window->status_line[k][i]) + { + Screen *old_current_screen; + + old_current_screen = current_screen; + set_current_screen(window->screen); + term_move_cursor(RealPosition, window->bottom + k); + output_line(lbuf, NULL, i); + cursor_in_display(); + if (term_clear_to_eol()) + term_space_erase(len); + malloc_strcpy(&window->status_line[k], lbuf); + set_current_screen(old_current_screen); + } } static u_char * @@@@ -1429,7 +1437,8 @@@@ return; bzero(lbuf, BIG_BUFFER_SIZE); - for (pos = 0, s = str; s && pos < BIG_BUFFER_SIZE && pos < n; s++) + /* there can be 4 more chars stuff in: REV *s REV \0 */ + for (pos = 0, s = str; s && pos < (BIG_BUFFER_SIZE - 4) && n--; s++) { so = 0; if (translation) --- ircii-20021103/source/whois.c Tue Sep 3 04:39:31 2002 +++ ircii-20030315/source/whois.c Thu Mar 13 12:34:28 2003 @@@@ -1309,11 +1309,11 @@@@ { u_char args[BIG_BUFFER_SIZE + 1]; - my_strcpy(args, stuff->nick ? stuff->nick : empty_string); - my_strcat(args, stuff->oper ? " + " : " - "); - my_strcat(args, stuff->away ? "+ " : "- "); - my_strcat(args, stuff->user ? stuff->user : empty_string); - my_strcat(args, " "); - my_strcat(args, stuff->host ? stuff->host : empty_string); + my_strmcpy(args, stuff->nick ? stuff->nick : empty_string, BIG_BUFFER_SIZE); + my_strmcat(args, stuff->oper ? " + " : " - ", BIG_BUFFER_SIZE); + my_strmcat(args, stuff->away ? "+ " : "- ", BIG_BUFFER_SIZE); + my_strmcat(args, stuff->user ? stuff->user : empty_string, BIG_BUFFER_SIZE); + my_strmcat(args, " ", BIG_BUFFER_SIZE); + my_strmcat(args, stuff->host ? stuff->host : empty_string, BIG_BUFFER_SIZE); parse_line((u_char *) 0, text, args, 0, 0, 1); } @ 1.1.2.1 log @OpenPKG-SA-2003.024-ircii @ text @a0 786 From: Timo Sirainen Subject: Buffer overflows in ircII-based clients Date: 14 Mar 2003 00:17:55 +0200 Message-ID: <1047593874.20734.12.camel@@hurina> ircii 20020912 1) [sample IRC commands] overflows ctcp_buffer [...] 2) cannot_join_channel() allows writing [...] past buffer in stack [...] 3) Statusbar drawing has several buffer overflows. [...] 4) Some of the other my_strcat() calls may overflow buffer [...] ircii-20030313 fixes these. This patch was created by extracting differences from vendor sources by the openpkg-security@@openpkg.org team. It can be applied to ircii-20020403 and ircii-20021103. --- ircii-20021103/source/alias.c Wed Sep 4 18:56:40 2002 +++ ircii-20030315/source/alias.c Thu Mar 13 12:34:27 2003 @@@@ -2923,10 +2923,10 @@@@ if ((Client->flags & (DCC_CHAT|DCC_ACTIVE)) == (DCC_CHAT|DCC_ACTIVE)) { if (notfirst) - my_strcat(result, ","); + my_strmcat(result, ",", len); else notfirst = 1; - my_strcat(result, Client->user); + my_strmcat(result, Client->user, len); } return (result); @@@@ -3419,10 +3419,10 @@@@ for (nicks = chan->nicks; nicks; nicks = nicks->next) { if (notfirst) - my_strcat(result, " "); + my_strmcat(result, " ", len); else notfirst = 1; - my_strcat(result, nicks->nick); + my_strmcat(result, nicks->nick, len); } return (result); --- ircii-20021103/source/ctcp.c Tue Sep 3 04:39:30 2002 +++ ircii-20030315/source/ctcp.c Thu Mar 13 12:34:27 2003 @@@@ -606,7 +606,7 @@@@ if (messages > 3) break; *(cmd++) = '\0'; - my_strcat(ctcp_buffer, str); + my_strmcat(ctcp_buffer, str, BIG_BUFFER_SIZE); if ((end = my_index(cmd, CTCP_DELIM_CHAR)) != NULL) { messages++; @@@@ -631,7 +631,7 @@@@ ptr = ctcp_cmd[i].func(&ctcp_cmd[i], from, to, arg_copy); if (ptr) { - my_strcat(ctcp_buffer, ptr); + my_strmcat(ctcp_buffer, ptr, BIG_BUFFER_SIZE); new_free(&ptr); } } @@@@ -678,7 +678,7 @@@@ } else { - my_strcat(ctcp_buffer, CTCP_DELIM_STR); + my_strmcat(ctcp_buffer, CTCP_DELIM_STR, BIG_BUFFER_SIZE); str = cmd; } } @@@@ -759,7 +759,7 @@@@ *CTCP_Reply_Buffer = '\0'; } if (*str) - my_strcat(ctcp_buffer, str); + my_strmcat(ctcp_buffer, str, BIG_BUFFER_SIZE); return (ctcp_buffer); } @@@@ -791,7 +791,7 @@@@ while ((cmd = my_index(str, CTCP_DELIM_CHAR)) != NULL) do_new_notice_ctcp(from, to, &str, cmd); in_ctcp_flag = 0; - my_strcat(ctcp_buffer, str); + my_strmcat(ctcp_buffer, str, BIG_BUFFER_SIZE); return (ctcp_buffer); } @@@@ -812,7 +812,7 @@@@ flags = 0; *(cmd++) = '\0'; - my_strcat(ctcp_buffer, *str); + my_strmcat(ctcp_buffer, *str, BIG_BUFFER_SIZE); if ((end = my_index(cmd, CTCP_DELIM_CHAR)) != NULL) { *(end++) = '\0'; @@@@ -825,7 +825,7 @@@@ { if ((ptr = ctcp_cmd[i].func(&(ctcp_cmd[i]), from, to, arg_copy)) != NULL) { - my_strcat(ctcp_buffer, ptr); + my_strmcat(ctcp_buffer, ptr, BIG_BUFFER_SIZE); new_free(&ptr); flags = ctcp_cmd[i].flag; } @@@@ -866,7 +866,7 @@@@ } else { - my_strcat(ctcp_buffer, CTCP_DELIM_STR); + my_strmcat(ctcp_buffer, CTCP_DELIM_STR, BIG_BUFFER_SIZE); *str = cmd; } } --- ircii-20021103/source/dcc.c Tue Sep 10 15:04:56 2002 +++ ircii-20030315/source/dcc.c Thu Mar 13 12:34:27 2003 @@@@ -844,7 +847,7 @@@@ } if (IS_ABSOLUTE_PATH(filename)) { - my_strcpy(FileBuf, filename); + my_strmcpy(FileBuf, filename, BIG_BUFFER_SIZE); } else if (*filename == '~') { @@@@ -853,14 +856,14 @@@@ yell("Unable to expand %s", filename); return; } - my_strcpy(FileBuf, fullname); + my_strmcpy(FileBuf, fullname, BIG_BUFFER_SIZE); new_free(&fullname); } else { getcwd(CP(FileBuf), sizeof(FileBuf)); - my_strcat(FileBuf, "/"); - my_strcat(FileBuf, filename); + my_strmcat(FileBuf, "/", BIG_BUFFER_SIZE); + my_strmcat(FileBuf, filename, BIG_BUFFER_SIZE); } if (0 != access(CP(FileBuf), R_OK)) { --- ircii-20021103/source/edit.c Thu Oct 31 13:06:38 2002 +++ ircii-20030315/source/edit.c Thu Mar 13 12:34:27 2003 @@@@ -1282,7 +1282,7 @@@@ *(s - 1) = '\0'; else n--; - my_strcpy(buffer, t); + my_strmcpy(buffer, t, BIG_BUFFER_SIZE); t = s; if (userhost_cmd) @@@@ -1735,11 +1735,11 @@@@ u_char *dest; u_char *msg; { - u_char buffer[BIG_BUFFER_SIZE]; + u_char buffer[BIG_BUFFER_SIZE+1]; - my_strcpy(buffer, dest); - my_strcat(buffer, " "); - my_strcat(buffer, msg); + my_strmcpy(buffer, dest, BIG_BUFFER_SIZE); + my_strmcat(buffer, " ", BIG_BUFFER_SIZE); + my_strmcat(buffer, msg, BIG_BUFFER_SIZE); e_privmsg("PRIVMSG", buffer, NULL); } @@@@ -2223,11 +2227,11 @@@@ { if (*nick_list) { - my_strcat(nick_list, ","); - my_strcat(nick_list, nick); + my_strmcat(nick_list, ",", IRCD_BUFFER_SIZE); + my_strmcat(nick_list, nick, IRCD_BUFFER_SIZE); } else - my_strcpy(nick_list, nick); + my_strmcpy(nick_list, nick, IRCD_BUFFER_SIZE); } do_final_send = 1; } @@@@ -2265,11 +2269,11 @@@@ { if (*nick_list) { - my_strcat(nick_list, ","); - my_strcat(nick_list, nick); + my_strmcat(nick_list, ",", IRCD_BUFFER_SIZE); + my_strmcat(nick_list, nick, IRCD_BUFFER_SIZE); } else - my_strcpy(nick_list, nick); + my_strmcpy(nick_list, nick, IRCD_BUFFER_SIZE); } if (get_int_var(WARN_OF_IGNORES_VAR) && (is_ignored(nick, IGNORE_MSGS) == IGNORED)) --- ircii-20021103/source/funny.c Thu Aug 29 12:26:38 2002 +++ ircii-20030315/source/funny.c Thu Mar 13 12:34:27 2003 @@@@ -124,7 +124,6 @@@@ int i; u_char buffer1[BIG_BUFFER_SIZE]; u_char buffer2[BIG_BUFFER_SIZE]; - u_char *ptr; if (!wide_list) return; @@@@ -141,16 +140,13 @@@@ { snprintf(CP(buffer2), sizeof buffer2, "%s(%d) ", wide_list[i]->channel, wide_list[i]->users); - ptr = my_index(buffer1, '\0'); if (my_strlen(buffer1) + my_strlen(buffer2) > current_screen->co - 5) { if (do_hook(WIDELIST_LIST, "%s", buffer1)) say("%s", buffer1); *buffer1 = '\0'; - my_strcat(buffer1, buffer2); } - else - my_strcpy(ptr, buffer2); + my_strmcat(buffer1, buffer2, BIG_BUFFER_SIZE); } if (*buffer1 && do_hook(WIDELIST_LIST, "%s", buffer1)) say("%s" , buffer1); @@@@ -184,7 +180,7 @@@@ (u_char) last_width, (u_char) last_width); else - my_strcpy(format, "*** %s\t%-5s %s"); + my_strmcpy(format, "*** %s\t%-5s %s", sizeof format); } channel = ArgList[0]; user_cnt = ArgList[1]; @@@@ -279,7 +275,7 @@@@ (u_char) last_width, (u_char) last_width); else - my_strcpy(format, "%s: %s\t%s"); + my_strmcpy(format, "%s: %s\t%s", sizeof format); } ptr = line; for (cnt = -1; ptr; cnt++) --- ircii-20021103/source/help.c Fri Oct 4 06:50:26 2002 +++ ircii-20030315/source/help.c Thu Mar 13 12:34:27 2003 @@@@ -552,7 +552,7 @@@@ u_char *arg_z = (u_char *) 0; #endif /* ZCAT */ - my_strcpy(help_topic_list, topics); + my_strmcpy(help_topic_list, topics, BIG_BUFFER_SIZE); #ifdef DAEMON_UID if (DAEMON_UID == getuid()) @@@@ -726,10 +726,10 @@@@ } if (stat_buf.st_mode & S_IFDIR) { - my_strcpy(path, tmp); + my_strmcpy(path, tmp, BIG_BUFFER_SIZE); if (*help_topic_list) - my_strcat(help_topic_list, " "); - my_strcat(help_topic_list, namelist[0]->d_name); + my_strmcat(help_topic_list, " ", BIG_BUFFER_SIZE); + my_strmcat(help_topic_list, namelist[0]->d_name, BIG_BUFFER_SIZE); if ((this_arg = next_arg(args, &args)) == (u_char *) 0) { @@@@ -758,7 +758,7 @@@@ } default: help_show_directory = 1; - my_strcpy(paused_topic, help_topic_list); + my_strmcpy(paused_topic, help_topic_list, sizeof paused_topic); help_pause_add_line("*** %s choices:", help_topic_list); *buffer = (u_char) 0; cnt = 0; --- ircii-20021103/source/ignore.c Wed Mar 20 18:03:15 2002 +++ ircii-20030315/source/ignore.c Thu Mar 13 12:34:27 2003 @@@@ -106,7 +106,7 @@@@ Ignore *new; char *msg; u_char *ptr; - u_char buffer[BIG_BUFFER_SIZE]; + u_char buffer[BIG_BUFFER_SIZE+1]; while (nick) { @@@@ -197,25 +197,25 @@@@ } else if (type) { - my_strcpy(buffer, msg); + my_strmcpy(buffer, msg, BIG_BUFFER_SIZE); if (type & IGNORE_MSGS) - my_strcat(buffer, " MSGS"); + my_strmcat(buffer, " MSGS", BIG_BUFFER_SIZE); if (type & IGNORE_PUBLIC) - my_strcat(buffer, " PUBLIC"); + my_strmcat(buffer, " PUBLIC", BIG_BUFFER_SIZE); if (type & IGNORE_WALLS) - my_strcat(buffer, " WALLS"); + my_strmcat(buffer, " WALLS", BIG_BUFFER_SIZE); if (type & IGNORE_WALLOPS) - my_strcat(buffer, " WALLOPS"); + my_strmcat(buffer, " WALLOPS", BIG_BUFFER_SIZE); if (type & IGNORE_INVITES) - my_strcat(buffer, " INVITES"); + my_strmcat(buffer, " INVITES", BIG_BUFFER_SIZE); if (type & IGNORE_NOTICES) - my_strcat(buffer, " NOTICES"); + my_strmcat(buffer, " NOTICES", BIG_BUFFER_SIZE); if (type & IGNORE_NOTES) - my_strcat(buffer, " NOTES"); + my_strmcat(buffer, " NOTES", BIG_BUFFER_SIZE); if (type & IGNORE_CTCPS) - my_strcat(buffer, " CTCPS"); + my_strmcat(buffer, " CTCPS", BIG_BUFFER_SIZE); if (type & IGNORE_CRAP) - my_strcat(buffer, " CRAP"); + my_strmcat(buffer, " CRAP", BIG_BUFFER_SIZE); say("%s from %s", buffer, new->nick); } if ((new->type == 0) && (new->high == 0)) --- ircii-20021103/source/ircaux.c Thu Sep 12 08:28:12 2002 +++ ircii-20030315/source/ircaux.c Thu Mar 13 12:34:27 2003 @@@@ -1160,7 +1164,7 @@@@ if ((ptr = my_index(path, ':')) != NULL) #endif /* __MSDOS */ *(ptr++) = '\0'; - my_strcpy(lbuf, empty_string); + lbuf[0] = 0; if (path[0] == '~') { my_strmcat(lbuf, my_path, BIG_BUFFER_SIZE); --- ircii-20021103/source/names.c Sun Sep 8 07:09:46 2002 +++ ircii-20030315/source/names.c Sat Mar 15 05:53:54 2003 @@@@ -954,13 +958,13 @@@@ { ChannelList *tmp; u_char *value = (u_char *) 0; - u_char buffer[BIG_BUFFER_SIZE]; + u_char buffer[BIG_BUFFER_SIZE+1]; *buffer = '\0'; for (tmp = server_list[window->server].chan_list; tmp; tmp = tmp->next) { - my_strcat(buffer, tmp->channel); - my_strcat(buffer, " "); + my_strmcat(buffer, tmp->channel, BIG_BUFFER_SIZE); + my_strmcat(buffer, " ", BIG_BUFFER_SIZE); } malloc_strcpy(&value, buffer); --- ircii-20021103/source/notice.c Tue Sep 3 04:39:31 2002 +++ ircii-20030315/source/notice.c Fri Dec 6 15:33:17 2002 @@@@ -388,7 +388,7 @@@@ else if ((c = server[strlen(server) - 1]) == ',' || c == '.') server[strlen(server) - 1] = '\0'; #endif /* BROKEN_SCANF */ - server_list[parsing_server_index].attempting_to_connect--; + server_list[parsing_server_index].attempting_to_connect = 0; set_server_motd(parsing_server_index, 1); server_is_connected(parsing_server_index, 1); if ((s = my_index(server, '[')) != NULL) --- ircii-20021103/source/notify.c Thu Aug 29 12:26:41 2002 +++ ircii-20030315/source/notify.c Thu Mar 13 12:34:27 2003 @@@@ -228,8 +228,8 @@@@ if (count >= location && count < location + 40) { c2++; - my_strcat(buf, " "); - my_strcat(buf, tmp->nick); + my_strmcat(buf, " ", BIG_BUFFER_SIZE); + my_strmcat(buf, tmp->nick, BIG_BUFFER_SIZE); } } if (c2) --- ircii-20021103/source/numbers.c Sat Sep 7 09:19:45 2002 +++ ircii-20030315/source/numbers.c Thu Mar 13 12:34:28 2003 @@@@ -307,7 +277,7 @@@@ **ArgList; { u_char *chan; - u_char buffer[BIG_BUFFER_SIZE]; + u_char buffer[BIG_BUFFER_SIZE + 1]; if (ArgList[0]) chan = ArgList[0]; @@@@ -322,23 +292,23 @@@@ PasteArgs(ArgList, 0); if (do_hook(current_numeric, "%s %s", from, *ArgList)) { - my_strcpy(buffer, ArgList[0]); + my_strmcpy(buffer, ArgList[0], BIG_BUFFER_SIZE); switch(-current_numeric) { case 471: - my_strcat(buffer, " (Channel is full)"); + my_strmcat(buffer, " (Channel is full)", BIG_BUFFER_SIZE); break; case 473: - my_strcat(buffer, " (Invite only channel)"); + my_strmcat(buffer, " (Invite only channel)", BIG_BUFFER_SIZE); break; case 474: - my_strcat(buffer, " (Banned from channel)"); + my_strmcat(buffer, " (Banned from channel)", BIG_BUFFER_SIZE); break; case 475: - my_strcat(buffer, " (Bad channel key)"); + my_strmcat(buffer, " (Bad channel key)", BIG_BUFFER_SIZE); break; case 476: - my_strcat(buffer, " (Bad channel mask)"); + my_strmcat(buffer, " (Bad channel mask)", BIG_BUFFER_SIZE); break; } put_it("%s %s", numeric_banner(), buffer); --- ircii-20021103/source/server.c Fri Sep 6 18:04:38 2002 +++ ircii-20030315/source/server.c Thu Mar 13 12:34:28 2003 @@@@ -2299,14 +2284,14 @@@@ { int i; u_char *value = (u_char *) 0; - u_char buffer[BIG_BUFFER_SIZE]; + u_char buffer[BIG_BUFFER_SIZE+1]; *buffer = '\0'; for (i = 0; i < number_of_servers; i++) if (server_list[i].read != -1) { - my_strcat(buffer, get_server_itsname(i)); - my_strcat(buffer, " "); + my_strmcat(buffer, get_server_itsname(i), BIG_BUFFER_SIZE); + my_strmcat(buffer, " ", BIG_BUFFER_SIZE); } malloc_strcpy(&value, buffer); --- ircii-20021103/source/status.c Sat Oct 12 14:41:43 2002 +++ ircii-20030315/source/status.c Sat Mar 15 06:26:46 2003 @@@@ -81,6 +81,7 @@@@ static void status_make_printable _((u_char *, int)); static void alarm_switch _((int)); static u_char *convert_sub_format _((u_char *, int)); +static void make_status_one _((Window *, int, int)); /* * Maximum number of "%" expressions in a status line format. If you change @@@@ -671,12 +672,7 @@@@ make_status(window) Window *window; { - int i, len, k, l, - RJustifyPos = -1, - RealPosition; - u_char lbuf[BIG_BUFFER_SIZE + 1]; - u_char *func_value[MAX_FUNCTIONS]; - int final; + int k, l, final; switch (window->double_status) { case -1: @@@@ -704,143 +700,155 @@@@ l = 0; if (!dumb && status_format[l]) + make_status_one(window, k, l); + } +out: + cursor_to_input(); +} + +static void +make_status_one(window, k, l) + Window *window; + int k; + int l; +{ + u_char lbuf[BIG_BUFFER_SIZE + 1]; + u_char *func_value[MAX_FUNCTIONS]; + size_t len; + int i, + RJustifyPos = -1, + RealPosition; + + /* + * XXX: note that this code below depends on the definition + * of MAX_FUNCTIONS (currently 33), and the snprintf must + * be updated if MAX_FUNCTIONS is changed. + */ + for (i = 0; i < MAX_FUNCTIONS; i++) + func_value[i] = (status_func[l][i]) (window); + lbuf[0] = REV_TOG; + snprintf(CP(lbuf+1), sizeof(lbuf) - 1, CP(status_format[l]), + func_value[0], func_value[1], func_value[2], + func_value[3], func_value[4], func_value[5], + func_value[6], func_value[7], func_value[8], + func_value[9], func_value[10], func_value[11], + func_value[12], func_value[13], func_value[14], + func_value[15], func_value[16], func_value[17], + func_value[18], func_value[19], func_value[20], + func_value[21], func_value[22], func_value[23], + func_value[24], func_value[25], func_value[26], + func_value[27], func_value[28], func_value[29], + func_value[30], func_value[31], func_value[32]); + for (i = 0; i < MAX_FUNCTIONS; i++) + new_free(&(func_value[i])); + + /* Patched 26-Mar-93 by Aiken + * make_window now right-justifies everything + * after a %> + * it's also more efficient. + */ + + RealPosition = 0; + RJustifyPos = -1; + for (i = 0; lbuf[i]; i++) + /* formfeed is a marker for left/right border*/ + if (lbuf[i] == '\f') + RJustifyPos = i; + else if (lbuf[i] != REV_TOG + && lbuf[i] != UND_TOG + && lbuf[i] != ALL_OFF + && lbuf[i] != BOLD_TOG) { - /* - * XXX: note that this code below depends on the definition - * of MAX_FUNCTIONS (currently 33), and the snprintf must - * be updated if MAX_FUNCTIONS is changed. - */ - for (i = 0; i < MAX_FUNCTIONS; i++) - func_value[i] = (status_func[l][i]) (window); - lbuf[0] = REV_TOG; - snprintf(CP(lbuf+1), sizeof(lbuf) - 1, CP(status_format[l]), - func_value[0], func_value[1], func_value[2], - func_value[3], func_value[4], func_value[5], - func_value[6], func_value[7], func_value[8], - func_value[9], func_value[10], func_value[11], - func_value[12], func_value[13], func_value[14], - func_value[15], func_value[16], func_value[17], - func_value[18], func_value[19], func_value[20], - func_value[21], func_value[22], func_value[23], - func_value[24], func_value[25], func_value[26], - func_value[27], func_value[28], func_value[29], - func_value[30], func_value[31],func_value[32]); - for (i = 0; i < MAX_FUNCTIONS; i++) - new_free(&(func_value[i])); - - /* Patched 26-Mar-93 by Aiken - * make_window now right-justifies everything - * after a %> - * it's also more efficient. - */ - - RealPosition = 0; - RJustifyPos = -1; - for (i = 0; lbuf[i]; i++) - /* formfeed is a marker for left/right border*/ - if (lbuf[i] == '\f') - { - RJustifyPos = i; - } - else if (lbuf[i] != REV_TOG - && lbuf[i] != UND_TOG - && lbuf[i] != ALL_OFF - && lbuf[i] != BOLD_TOG) - { - if (RealPosition == current_screen->co) - { - lbuf[i] = '\0'; - break; - } - RealPosition++; - } - - /* note that i points to the nul, - RealPosition is vis.chars */ - - if (RJustifyPos == -1) - { - RJustifyPos = i; - } - else + if (RealPosition == current_screen->co) { - /* get rid of the marker */ - my_strcpy(&lbuf[RJustifyPos], - &lbuf[RJustifyPos+1]); - i--; - } - - if (get_int_var(FULL_STATUS_LINE_VAR)) - { - int diff; - u_char c; - - if (RJustifyPos == 0) - c = ' '; - else - c = lbuf[RJustifyPos - 1]; - - diff = current_screen->co - RealPosition; - - for ( ; i >= RJustifyPos; i--) - lbuf[i + diff] = lbuf[i]; - - for (i++ ; diff > 0 ; diff--, i++) - lbuf[i] = c; + lbuf[i] = '\0'; + break; } + RealPosition++; + } + + /* note that i points to the nul, RealPosition is vis.chars */ + if (RJustifyPos == -1) + RJustifyPos = i; + else + { + /* get rid of the marker */ + my_strcpy(&lbuf[RJustifyPos], + &lbuf[RJustifyPos+1]); + i--; + } + + /* don't adjust the status bar if it is full already */ + if (RealPosition < current_screen->co) + { + if (get_int_var(FULL_STATUS_LINE_VAR)) + { + int diff; + u_char c; - len = my_strlen(lbuf); - lbuf[len] = ALL_OFF; - lbuf[len+1] = '\0'; + if (RJustifyPos == 0) + c = ' '; + else + c = lbuf[RJustifyPos - 1]; - status_make_printable(lbuf, len); + /* + * does this work when the right justified position + * has non-printable characters (eg UNG_TOG)? + */ + diff = current_screen->co - RealPosition; - /* - * Thanks to Max Bell (mbell@@cie.uoregon.edu) for info about TVI - * terminals and the sg terminal capability - */ - RealPosition = 0; - if (window->status_line[k] && (SG == -1)) - { - for (i = 0; lbuf[i] && window->status_line[k][i]; i++) - { - if ((u_char) lbuf[i] != window->status_line[k][i]) - break; - if (lbuf[i] != REV_TOG - && lbuf[i] != UND_TOG - && lbuf[i] != ALL_OFF - && lbuf[i] != BOLD_TOG) - RealPosition++; - } - } - else - i = 0; + for ( ; i >= RJustifyPos; i--) + lbuf[i + diff] = lbuf[i]; - if ((len = my_strlen(lbuf + i)) - || lbuf[i] || window->status_line[k] - || window->status_line[k][i]) - { - Screen *old_current_screen; - - old_current_screen = current_screen; - set_current_screen(window->screen); - term_move_cursor(RealPosition, window->bottom - + k); -/* - term_move_cursor(RealPosition, window->bottom - + k - window->double_status); -*/ - output_line(lbuf, NULL, i); - cursor_in_display(); - if (term_clear_to_eol()) - term_space_erase(len); - malloc_strcpy(&window->status_line[k], lbuf); - set_current_screen(old_current_screen); - } + for (i++ ; diff > 0 ; diff--, i++) + lbuf[i] = c; } } -out: - cursor_to_input(); + + len = my_strlen(lbuf); + if (len > (BIG_BUFFER_SIZE - 1)) + len = BIG_BUFFER_SIZE - 1; + lbuf[len] = ALL_OFF; + lbuf[len+1] = '\0'; + + status_make_printable(lbuf, len); + + /* + * Thanks to Max Bell (mbell@@cie.uoregon.edu) for info + * about TVI terminals and the sg terminal capability + */ + RealPosition = 0; + if (window->status_line[k] && (SG == -1)) + { + for (i = 0; lbuf[i] && window->status_line[k][i]; i++) + { + if ((u_char) lbuf[i] != window->status_line[k][i]) + break; + if (lbuf[i] != REV_TOG + && lbuf[i] != UND_TOG + && lbuf[i] != ALL_OFF + && lbuf[i] != BOLD_TOG) + RealPosition++; + } + } + else + i = 0; + + if ((len = my_strlen(lbuf + i)) || lbuf[i] || + window->status_line[k] || window->status_line[k][i]) + { + Screen *old_current_screen; + + old_current_screen = current_screen; + set_current_screen(window->screen); + term_move_cursor(RealPosition, window->bottom + k); + output_line(lbuf, NULL, i); + cursor_in_display(); + if (term_clear_to_eol()) + term_space_erase(len); + malloc_strcpy(&window->status_line[k], lbuf); + set_current_screen(old_current_screen); + } } static u_char * @@@@ -1429,7 +1437,8 @@@@ return; bzero(lbuf, BIG_BUFFER_SIZE); - for (pos = 0, s = str; s && pos < BIG_BUFFER_SIZE && pos < n; s++) + /* there can be 4 more chars stuff in: REV *s REV \0 */ + for (pos = 0, s = str; s && pos < (BIG_BUFFER_SIZE - 4) && n--; s++) { so = 0; if (translation) --- ircii-20021103/source/whois.c Tue Sep 3 04:39:31 2002 +++ ircii-20030315/source/whois.c Thu Mar 13 12:34:28 2003 @@@@ -1309,11 +1309,11 @@@@ { u_char args[BIG_BUFFER_SIZE + 1]; - my_strcpy(args, stuff->nick ? stuff->nick : empty_string); - my_strcat(args, stuff->oper ? " + " : " - "); - my_strcat(args, stuff->away ? "+ " : "- "); - my_strcat(args, stuff->user ? stuff->user : empty_string); - my_strcat(args, " "); - my_strcat(args, stuff->host ? stuff->host : empty_string); + my_strmcpy(args, stuff->nick ? stuff->nick : empty_string, BIG_BUFFER_SIZE); + my_strmcat(args, stuff->oper ? " + " : " - ", BIG_BUFFER_SIZE); + my_strmcat(args, stuff->away ? "+ " : "- ", BIG_BUFFER_SIZE); + my_strmcat(args, stuff->user ? stuff->user : empty_string, BIG_BUFFER_SIZE); + my_strmcat(args, " ", BIG_BUFFER_SIZE); + my_strmcat(args, stuff->host ? stuff->host : empty_string, BIG_BUFFER_SIZE); parse_line((u_char *) 0, text, args, 0, 0, 1); } @