Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Crash fix: strcpy-param-overlap #1613

Open
wants to merge 4 commits into
base: develop
Choose a base branch
from
Open

Crash fix: strcpy-param-overlap #1613

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
b65d810
Fix strcpy-param-overlap
michaelortmann Jun 13, 2024
2e821b5
More
michaelortmann Jun 13, 2024
16656a1
More
michaelortmann Jun 13, 2024
d94197d
Merge remote-tracking branch 'upstream/develop' into strcpy-param-ove…
michaelortmann Jul 7, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions src/mod/filesys.mod/filedb3.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -994,7 +994,7 @@ static void filedb_ls(FILE *fdb, int idx, char *mask, int showall)
filelist_addout(flist, sd);
my_free(sd);
}
strcpy(fdbe->desc, p + 1);
memmove(fdbe->desc, p + 1, strlen(p + 1) + 1);
p = strchr(fdbe->desc, '\n');
}
if ((fdbe->desc)[0]) {
Expand Down Expand Up @@ -1036,7 +1036,7 @@ static void remote_filereq(int idx, char *from, char *file)
if (p) {
*p = 0;
malloc_strcpy(dir, what);
strcpy(what, p + 1);
memmove(what, p + 1, strlen(p + 1) + 1);
} else {
malloc_strcpy(dir, "");
}
Expand Down
15 changes: 7 additions & 8 deletions src/mod/filesys.mod/files.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -169,9 +169,8 @@ static int resolve_dir(char *current, char *change, char **real, int idx)
p = strchr(new, '/');
while (p) {
*p = 0;
p++;
malloc_strcpy(elem, new);
strcpy(new, p);
memmove(new, p + 1, strlen(p + 1) + 1);
if (!elem[0] || !strcmp(elem, ".")) {
p = strchr(new, '/');
continue;
Expand Down Expand Up @@ -446,7 +445,7 @@ static void cmd_reget_get(int idx, char *par, int resend)
if (p != NULL) {
*p = 0;
malloc_strcpy(s, what);
strcpy(what, p + 1);
memmove(what, p + 1, strlen(p + 1) + 1);
if (!resolve_dir(dcc[idx].u.file->dir, s, &destdir, idx)) {
my_free(destdir);
my_free(s);
Expand Down Expand Up @@ -806,8 +805,8 @@ static void cmd_desc(int idx, char *par)
/* Replace | with linefeeds, limit 5 lines */
lin = 0;
q = desc;
while ((*q <= 32) && (*q))
strcpy(q, &q[1]); /* Zapf leading spaces */
while ((*q <= 32) && (*q)) /* Zapf leading spaces */
memmove(q, q + 1, strlen(q));
p = strchr(q, '|');
while (p != NULL) {
/* Check length */
Expand All @@ -827,8 +826,8 @@ static void cmd_desc(int idx, char *par)
*p = '\n';
q = p + 1;
lin++;
while ((*q <= 32) && (*q))
strcpy(q, &q[1]);
while ((*q <= 32) && (*q)) /* Zapf leading spaces */
memmove(q, q + 1, strlen(q));
if (lin == 5) {
*p = 0;
p = NULL;
Expand Down Expand Up @@ -1112,7 +1111,7 @@ static void cmd_mv_cp(int idx, char *par, int copy)
if (p != NULL) {
*p = 0;
malloc_strcpy(s, fn);
strcpy(fn, p + 1);
memmove(fn, p + 1, strlen(p + 1) + 1);
if (!resolve_dir(dcc[idx].u.file->dir, s, &oldpath, idx)) {
dprintf(idx, "%s", FILES_ILLSOURCE);
my_free(s);
Expand Down
2 changes: 1 addition & 1 deletion src/mod/filesys.mod/tclfiles.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -449,7 +449,7 @@ static int tcl_mv_cp(Tcl_Interp *irp, int argc, char **argv, int copy)
if (p != NULL) {
*p = 0;
malloc_strcpy(s, fn);
strcpy(fn, p + 1);
memmove(fn, p + 1, strlen(p + 1) + 1);
if (!resolve_dir("/", s, &oldpath, -1)) {
/* Tcl can do * anything */
Tcl_AppendResult(irp, "-1", NULL); /* Invalid source */
Expand Down
8 changes: 4 additions & 4 deletions src/mod/irc.mod/chan.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1023,7 +1023,7 @@ static int got324(char *from, char *msg)
if (q != NULL) {
*q = 0;
set_key(chan, p);
strcpy(p, q + 1);
memmove(p, q + 1, strlen(q + 1) + 1);
} else {
set_key(chan, p);
*p = 0;
Expand All @@ -1046,7 +1046,7 @@ static int got324(char *from, char *msg)
if (q != NULL) {
*q = 0;
chan->channel.maxmembers = atoi(p);
strcpy(p, q + 1);
memmove(p, q + 1, strlen(q + 1) + 1);
} else {
chan->channel.maxmembers = atoi(p);
*p = 0;
Expand Down Expand Up @@ -2590,7 +2590,7 @@ static int gotmsg(char *from, char *msg)
*p = 0;
ctcp = buf2;
strlcpy(buf2, p1, sizeof buf2);
memmove(p1 - 1, p + 1, strlen(p));
memmove(p1 - 1, p + 1, strlen(p + 1) + 1);
detect_chan_flood(nick, uhost, from, chan, strncmp(ctcp, "ACTION ", 7) ?
FLOOD_CTCP : FLOOD_PRIVMSG, NULL);

Expand Down Expand Up @@ -2708,7 +2708,7 @@ static int gotnotice(char *from, char *msg)
*p = 0;
ctcp = buf2;
strcpy(ctcp, p1);
memmove(p1 - 1, p + 1, strlen(p));
memmove(p1 - 1, p + 1, strlen(p + 1) + 1);
p = strchr(msg, 1);
detect_chan_flood(nick, uhost, from, chan,
strncmp(ctcp, "ACTION ", 7) ?
Expand Down
2 changes: 1 addition & 1 deletion src/mod/server.mod/servmsg.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -589,7 +589,7 @@ static int gotmsg(char *from, char *msg)
ctcp = ctcpbuf;

/* remove the ctcp in msg */
memmove(p1 - 1, p + 1, strlen(p));
memmove(p1 - 1, p + 1, strlen(p + 1) + 1);

if (!ignoring)
detect_flood(nick, uhost, from,
Expand Down