Crashfix jump server name and pass len handling #1725

Open
wants to merge 3 commits into
base: develop

michaelortmann
Member

@michaelortmann michaelortmann commented Dec 23, 2024

Found by: michaelortmann
Patch by: michaelortmann
Fixes:

One-line summary:

Additional description (if needed):
Due to Eggdrop's mod API, we cannot use sizeof in irc.mod for strings defined in server.mod. I guess this is the reason those strcpy()s were not converted to strlcpy()s before.

Test cases demonstrating functionality (if applicable):
```
/msg BotA jump hunter2 aaaaaaaaaabbbbbbbbbbaaaaaaaaaabbbbbbbbbbaaaaaaaaaabbbbbbbbbbaaaaaaaaaabbbbbbbbbbaaaaaaaaaabbbbbbbbbbaaaaaaaaaaabbbbbbbbbba.edu

[08:27:50] [@] :testuser!~michael@localhost PRIVMSG BotA :jump hunter2 aaaaaaaaaabbbbbbbbbbaaaaaaaaaabbbbbbbbbbaaaaaaaaaabbbbbbbbbbaaaaaaaaaabbbbbbbbbbaaaaaaaaaabbbbbbbbbbaaaaaaaaaaabbbbbbbbbba.edu
[08:27:50] pbkdf2 method SHA256 rounds 16000, user 10.718ms sys 6.447ms
[08:27:50] (testuser!~michael@localhost) !testuser! JUMP aaaaaaaaaabbbbbbbbbbaaaaaaaaaabbbbbbbbbbaaaaaaaaaabbbbbbbbbbaaaaaaaaaabbbbbbbbbbaaaaaaaaaabbbbbbbbbbaaaaaaaaaaabbbbbbbbbba.edu 6667 
=================================================================
==28916==ERROR: AddressSanitizer: global-buffer-overflow on address 0x78eb664f6b79 at pc 0x78eb69ef6a02 bp 0x7ffdedec78b0 sp 0x7ffdedec7058
WRITE of size 127 at 0x78eb664f6b79 thread T0
    #0 0x78eb69ef6a01 in strcpy /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:563
    #1 0x78eb64d84943 in msg_jump .././irc.mod/msgcmds.c:1098
[...]
```
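
Added example, not code from this pull request or from Eggdrop: a C sketch of the problem described above, where a module that reaches another module's string only through a pointer cannot take its `sizeof`, so the buffer size is exported alongside the pointer and checked before copying. All names and the 64-byte size are hypothetical, and rejecting over-long input instead of truncating it is one possible policy, not necessarily the one this PR takes.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins, not Eggdrop identifiers. The exporting module owns
 * a fixed-size global; the importing module only receives a char pointer. */
#define SRV_NAME_MAX 64               /* constructed size */
static char srv_name[SRV_NAME_MAX];
struct srv_exports {
  char *name;                         /* sizeof(name) is only the pointer size */
  size_t name_size;                   /* so the real size travels with it */
};
static const struct srv_exports srv_table = { srv_name, sizeof srv_name };

/* strlcpy semantics (strlcpy is not in every libc): always NUL-terminates
 * when size > 0 and returns strlen(src) so callers can detect truncation. */
static size_t bounded_copy(char *dst, const char *src, size_t size)
{
  size_t len = strlen(src);
  if (size > 0) {
    size_t n = len < size - 1 ? len : size - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
  }
  return len;
}

/* Importing-module handler. Returns 0 on success, -1 when the name does not
 * fit; a truncated hostname would name a different server, so reject it.
 * An unchecked strcpy(srv_table.name, requested) is what overflows. */
int set_jump_target(const char *requested)
{
  if (strlen(requested) >= srv_table.name_size)
    return -1;
  bounded_copy(srv_table.name, requested, srv_table.name_size);
  return 0;
}

const char *jump_target(void) { return srv_table.name; }

/* Constructed input sized like the 127-byte write in the ASan report. */
int overlong_is_rejected(void)
{
  char big[127];
  memset(big, 'a', sizeof big - 1);
  big[sizeof big - 1] = '\0';
  return set_jump_target(big) == -1;
}

int main(void) { printf("rejected=%d\n", overlong_is_rejected()); return 0; }
```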

@michaelortmann michaelortmann changed the title Fix jump server name and pass len handling Crashfix jump server name and pass len handling Dec 23, 2024
@vanosg vanosg added this to the v1.10.1 milestone Jan 12, 2025