znc (0.092-3) 01-out-of-range-error.diff

Summary

 Client.cpp              |   18 ++++++++----------
 IRCSock.cpp             |    9 +++++----
 modules/adminlog.cpp    |    2 +-
 modules/away.cpp        |    2 +-
 modules/extra/email.cpp |   14 +++-----------
 modules/partyline.cpp   |    5 ++++-
 6 files changed, 22 insertions(+), 28 deletions(-)

    

Patch contents

# Add upstream patch 01-out-of-range-error.diff, which fixes a denial of service
# (DoS) that authenticated users can trigger.
# Closes: #592064

diff -Naur znc-0.092.orig//Client.cpp znc-0.092/Client.cpp
--- znc-0.092.orig//Client.cpp	2010-05-02 10:36:57.000000000 +0200
+++ znc-0.092/Client.cpp	2010-08-16 19:57:39.000000000 +0200
@@ -179,17 +179,15 @@
 		PutStatusNotice("Detached from [" + sChan + "]");
 		return;
 	} else if (sCommand.Equals("PING")) {
-		CString sTarget = sLine.Token(1);
-
-		// If the client meant to ping us or we can be sure the server
-		// won't answer the ping (=no server connected) -> PONG back.
-		// else: It's the server's job to send a PONG.
-		if (sTarget.Equals("irc.znc.in") || !GetIRCSock()) {
-			PutClient("PONG " + sLine.substr(5));
-			return;
-		}
+		// All PONGs are generated by znc. We will still forward this to
+		// the ircd, but all PONGs from irc will be blocked.
+		if (sLine.length() >= 5)
+			PutClient(":irc.znc.in PONG irc.znc.in " + sLine.substr(5));
+		else
+			PutClient(":irc.znc.in PONG irc.znc.in");
 	} else if (sCommand.Equals("PONG")) {
-		return;  // Block pong replies, we already responded to the pings
+		// Block PONGs, we already responded to the pings
+		return;
 	} else if (sCommand.Equals("JOIN")) {
 		CString sChans = sLine.Token(1);
 		CString sKey = sLine.Token(2);
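Review bot: The new PING reply still slices the client's line at a fixed offset, `sLine.substr(5)`, so it relies on the command starting at column 0 and being followed by exactly one separator; the `sLine.length() >= 5` guard only stops the `std::out_of_range` throw. When the line is exactly `PING ` the reply also ends in a trailing space. Taking the argument by token would keep the parsing in step with the `sCommand` match, e.g. `CString sArg = sLine.Token(1, true);`, emitting the separating space only when `sArg` is non-empty; this assumes the rest-of-line form of `Token` is available in this version. The enclosing command dispatch starts and ends outside the hunk.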
diff -Naur znc-0.092.orig//IRCSock.cpp znc-0.092/IRCSock.cpp
--- znc-0.092.orig//IRCSock.cpp	2010-05-02 10:36:57.000000000 +0200
+++ znc-0.092/IRCSock.cpp	2010-08-16 19:57:51.000000000 +0200
@@ -79,15 +79,16 @@
 	MODULECALL(OnRaw(sLine), m_pUser, NULL, return);
 
 	if (sLine.Equals("PING ", false, 5)) {
+		// Generate a reply and don't forward this to any user,
+		// we don't want any PING forwarded
 		PutIRC("PONG " + sLine.substr(5));
-		m_pUser->PutUser(sLine);
 		return;
-	} else if (sLine.Token(1).Equals("PONG") && sLine.Token(3).Equals(":ZNC")) {
-		// We asked for this so don't forward the reply to clients.
+	} else if (sLine.Token(1).Equals("PONG")) {
+		// Block PONGs, we already responded to the pings
 		return;
 	} else if (sLine.Equals("ERROR ", false, 6)) {
 		//ERROR :Closing Link: nick[24.24.24.24] (Excess Flood)
-		CString sError(sLine.substr(7));
+		CString sError(sLine.substr(6));
 
 		if (sError.Left(1) == ":") {
 			sError.LeftChomp();
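Review bot: The `substr(5)` and `substr(6)` offsets are safe only because they equal the length passed to the preceding `Equals("PING ", false, 5)` and `Equals("ERROR ", false, 6)` calls, and nothing in the code states that coupling. The old `substr(7)` was exactly this kind of drift: one past the matched prefix, it throws `std::out_of_range` on a line that is just `ERROR `. A comment at each site would pin the invariant, e.g. `// offset == matched prefix length; substr() throws if pos > size()`. The same prefix/offset pair is duplicated in modules/adminlog.cpp, so the note applies to that hunk too, and one regression test feeding a bare `ERROR ` line would cover both. This assumes `Equals(..., n)` cannot match a line shorter than the prefix, which is not visible here.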
diff -Naur znc-0.092.orig//modules/adminlog.cpp znc-0.092/modules/adminlog.cpp
--- znc-0.092.orig//modules/adminlog.cpp	2010-05-02 10:36:57.000000000 +0200
+++ znc-0.092/modules/adminlog.cpp	2010-08-16 19:57:51.000000000 +0200
@@ -52,7 +52,7 @@
 		if (sLine.Equals("ERROR ", false, 6)) {
 			//ERROR :Closing Link: nick[24.24.24.24] (Excess Flood)
 			//ERROR :Closing Link: nick[24.24.24.24] Killer (Local kill by Killer (reason))
-			CString sError(sLine.substr(7));
+			CString sError(sLine.substr(6));
 			if (sError.Left(1) == ":")
 				sError.LeftChomp();
 			Log("[" + m_pUser->GetUserName() + "] disconnected from IRC: " +
diff -Naur znc-0.092.orig//modules/away.cpp znc-0.092/modules/away.cpp
--- znc-0.092.orig//modules/away.cpp	2010-05-02 10:36:57.000000000 +0200
+++ znc-0.092/modules/away.cpp	2010-08-16 19:57:51.000000000 +0200
@@ -390,7 +390,7 @@
 			CBlowfish c(m_sPassword, BF_DECRYPT);
 			sBuffer = c.Crypt(sFile);
 
-			if (sBuffer.substr(0, strlen(CRYPT_VERIFICATION_TOKEN)) != CRYPT_VERIFICATION_TOKEN)
+			if (sBuffer.Left(strlen(CRYPT_VERIFICATION_TOKEN)) != CRYPT_VERIFICATION_TOKEN)
 			{
 				// failed to decode :(
 				PutModule("Unable to decode Encrypted messages");
diff -Naur znc-0.092.orig//modules/extra/email.cpp znc-0.092/modules/extra/email.cpp
--- znc-0.092.orig//modules/extra/email.cpp	2010-05-02 10:36:57.000000000 +0200
+++ znc-0.092/modules/extra/email.cpp	2010-08-16 19:57:51.000000000 +0200
@@ -154,7 +154,7 @@
 
 	virtual void ReadLine(const CS_STRING & sLine)
 	{
-		if (sLine.substr(0, 5) == "From ")
+		if (sLine.Left(5) == "From ")
 		{
 			if (!m_sMailBuffer.empty())
 			{
@@ -168,7 +168,7 @@
 	void ProcessMail()
 	{
 		EmailST tmp;
-		tmp.sUidl = (char *)CMD5(m_sMailBuffer.substr(0, 255));
+		tmp.sUidl = (char *)CMD5(m_sMailBuffer.Left(255));
 		VCString vsLines;
 		VCString::iterator it;
 
@@ -200,15 +200,7 @@
 
 void CEmail::OnModCommand(const CString& sCommand)
 {
-	CString::size_type iPos = sCommand.find(" ");
-	CString sCom, sArgs;
-	if (iPos == CString::npos)
-		sCom = sCommand;
-	else
-	{
-		sCom = sCommand.substr(0, iPos);
-		sArgs = sCommand.substr(iPos + 1, CString::npos);
-	}
+	CString sCom = sCommand.Token(0);
 
 	if (sCom == "timers")
 	{
diff -Naur znc-0.092.orig//modules/partyline.cpp znc-0.092/modules/partyline.cpp
--- znc-0.092.orig//modules/partyline.cpp	2010-05-02 10:36:57.000000000 +0200
+++ znc-0.092/modules/partyline.cpp	2010-08-16 19:57:08.000000000 +0200
@@ -168,7 +168,10 @@
 			if (uPos != CString::npos) {
 				uPos = sLine.find(" ", uPos);
 
-				sLine.insert(uPos, CHAN_PREFIX_1);
+				if (uPos == CString::npos)
+					sLine.append(CHAN_PREFIX_1);
+				else
+					sLine.insert(uPos, CHAN_PREFIX_1);
 				m_spInjectedPrefixes.insert(m_pUser);
 			}
 		}
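Review bot: The new `npos` branch has no comment saying why appending is the right fallback, and the reason is not obvious from the hunk. `insert(npos, …)` throws `std::out_of_range`, and finding no space after `uPos` means the matched token runs to the end of the line. I would add `// token is last on the line: append, since insert(npos, …) throws std::out_of_range` above the `if`. The first `find` that sets `uPos` and the enclosing function are outside the hunk, so which peers can deliver such a line cannot be confirmed from this view. A test with the matched token at the very end of the line would lock the fix in.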