Fix possible out of bounds read when being ctcp flooded
Note that this is unlikely to be triggerable by another user. Thanks to @dequis for discovering.
This commit is contained in:
Patrick Griffis
parent
8aa3b03261
commit
6e4fc09ce0
|
|
@ -340,17 +340,6 @@ flood_autodialog_timeout (gpointer data)
|
|||
int
|
||||
flood_check (char *nick, char *ip, server *serv, session *sess, int what) /*0=ctcp 1=priv */
|
||||
{
|
||||
/*
|
||||
serv
|
||||
int ctcp_counter;
|
||||
time_t ctcp_last_time;
|
||||
prefs
|
||||
unsigned int ctcp_number_limit;
|
||||
unsigned int ctcp_time_limit;
|
||||
*/
|
||||
char buf[512];
|
||||
char real_ip[132];
|
||||
int i;
|
||||
time_t current_time;
|
||||
current_time = time (NULL);
|
||||
|
||||
|
|
@ -367,20 +356,24 @@ flood_check (char *nick, char *ip, server *serv, session *sess, int what) /*0=ct
|
|||
serv->ctcp_counter++;
|
||||
if (serv->ctcp_counter == prefs.hex_flood_ctcp_num) /*if we reached the maximun numbers of ctcp in the seconds limits */
|
||||
{
|
||||
char *mask, *message, *real_ip;
|
||||
|
||||
serv->ctcp_last_time = current_time; /*we got the flood, restore all the vars for next one */
|
||||
serv->ctcp_counter = 0;
|
||||
for (i = 0; i < 128; i++)
|
||||
if (ip[i] == '@')
|
||||
break;
|
||||
g_snprintf (real_ip, sizeof (real_ip), "*!*%s", &ip[i]);
|
||||
|
||||
g_snprintf (buf, sizeof (buf),
|
||||
_("You are being CTCP flooded from %s, ignoring %s\n"),
|
||||
nick, real_ip);
|
||||
PrintText (sess, buf);
|
||||
real_ip = strchr (ip, '@');
|
||||
if (real_ip != NULL)
|
||||
mask = g_strdup_printf ("*!*%s", real_ip);
|
||||
else
|
||||
mask = g_strdup_printf ("%s!*", nick);
|
||||
|
||||
/* ignore CTCP */
|
||||
ignore_add (real_ip, IG_CTCP, FALSE);
|
||||
message = g_strdup_printf (_("You are being CTCP flooded from %s, ignoring %s\n"), nick, mask);
|
||||
|
||||
PrintText (sess, message);
|
||||
ignore_add (mask, IG_CTCP, FALSE);
|
||||
|
||||
g_free (message);
|
||||
g_free (mask);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
|
@ -396,6 +389,7 @@ flood_check (char *nick, char *ip, server *serv, session *sess, int what) /*0=ct
|
|||
if (difftime (current_time, serv->msg_last_time) <
|
||||
prefs.hex_flood_msg_time)
|
||||
{
|
||||
char buf[512];
|
||||
serv->msg_counter++;
|
||||
if (serv->msg_counter == prefs.hex_flood_msg_num) /*if we reached the maximun numbers of ctcp in the seconds limits */
|
||||
{
|
||||
|
|
|
|||
Loading…
Reference in New Issue