Februar 2013 - ngIRCd GIT Updates

Alexander Barton : irc-info: move static functions at the top of the file
by alex＠arthur.barton.de 22 Feb '13

22 Feb '13

Module: ngircd.git Branch: master Commit: 5facf5c15ecc49bad1c12e8f624877fb8637e63b URL: http://ngircd.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git&a=commit;h=5facf5c1… Author: Alexander Barton <alex(a)barton.de> Date: Sat Feb 9 23:18:49 2013 +0100 irc-info: move static functions at the top of the file --- src/ngircd/irc-info.c | 943 ++++++++++++++++++++++++------------------------- 1 file changed, 468 insertions(+), 475 deletions(-) Diff: http://ngircd.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git&a=commitdiff;h=5fac…

1 0

Alexander Barton : Implement new function Client_SearchServer()
by alex＠arthur.barton.de 22 Feb '13

22 Feb '13

Module: ngircd.git Branch: master Commit: 0ad0fe207ab1705a2b042e7f47f1e0d8ce46e2a9 URL: http://ngircd.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git&a=commit;h=0ad0fe20… Author: Alexander Barton <alex(a)barton.de> Date: Tue Feb 5 13:04:11 2013 +0100 Implement new function Client_SearchServer() This function returns the server structure of a client or a given "mask"; it is useful for implemention handlers for commands like "COMMAND *.net", which should work on a server matching "*.net". Please note that the local server is always returned when it matches the mask, but besides that, the order is completely arbitrary. --- src/ngircd/client.c | 44 +++++++++++++++++++++++++++++++++++++++----- src/ngircd/client.h | 1 + 2 files changed, 40 insertions(+), 5 deletions(-) diff --git a/src/ngircd/client.c b/src/ngircd/client.c index d10775a..37b168f 100644 --- a/src/ngircd/client.c +++ b/src/ngircd/client.c @@ -41,6 +41,7 @@ #include "hash.h" #include "irc-write.h" #include "log.h" +#include "match.h" #include "messages.h" #include <exp.h> @@ -556,13 +557,14 @@ Client_ModeDel( CLIENT *Client, char Mode ) } /* Client_ModeDel */ +/** + * Search CLIENT structure of a given nick name. + * + * @return Pointer to CLIENT structure or NULL if not found. + */ GLOBAL CLIENT * Client_Search( const char *Nick ) { - /* return Client-Structure that has the corresponding Nick. - * If none is found, return NULL. - */ - char search_id[CLIENT_ID_LEN], *ptr; CLIENT *c = NULL; UINT32 search_hash; @@ -583,7 +585,39 @@ Client_Search( const char *Nick ) c = (CLIENT *)c->next; } return NULL; -} /* Client_Search */ +} + + +/** + * Serach first CLIENT structure matching a given mask of a server. + * + * The order of servers is arbitrary, but this function makes sure that the + * local server is always returned if the mask matches it. + * + * @return Pointer to CLIENT structure or NULL if no server could be found. + */ +GLOBAL CLIENT * +Client_SearchServer(const char *Mask) +{ + CLIENT *c; + + assert(Mask != NULL); + + /* First check if mask matches the local server */ + if (MatchCaseInsensitive(Mask, Client_ID(Client_ThisServer()))) + return Client_ThisServer(); + + c = My_Clients; + while (c) { + if (Client_Type(c) == CLIENT_SERVER) { + /* This is a server: check if Mask matches */ + if (MatchCaseInsensitive(Mask, c->id)) + return c; + } + c = (CLIENT *)c->next; + } + return NULL; +} /** diff --git a/src/ngircd/client.h b/src/ngircd/client.h index ebbd06c..c248d1b 100644 --- a/src/ngircd/client.h +++ b/src/ngircd/client.h @@ -94,6 +94,7 @@ GLOBAL CLIENT *Client_ThisServer PARAMS(( void )); GLOBAL CLIENT *Client_GetFromToken PARAMS(( CLIENT *Client, int Token )); GLOBAL CLIENT *Client_Search PARAMS(( const char *ID )); +GLOBAL CLIENT *Client_SearchServer PARAMS(( const char *ID )); GLOBAL CLIENT *Client_First PARAMS(( void )); GLOBAL CLIENT *Client_Next PARAMS(( CLIENT *c ));

1 0

Alexander Barton : configure: conversation -> conversion
by alex＠arthur.barton.de 15 Feb '13

15 Feb '13

Module: ngircd.git Branch: master Commit: d5763937ad8d482f3e62299428f8cb4b601c6ace URL: http://ngircd.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git&a=commit;h=d5763937… Author: Alexander Barton <alex(a)barton.de> Date: Fri Feb 15 21:26:47 2013 +0100 configure: conversation -> conversion --- configure.ng | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ng b/configure.ng index 034b565..c030996 100644 --- a/configure.ng +++ b/configure.ng @@ -519,7 +519,7 @@ if test "$x_ircplus_on" = "yes"; then x_iconv_on=no AC_ARG_WITH(iconv, AS_HELP_STRING([--with-iconv], - [enable character conversation using libiconv]), + [enable character conversion using libiconv]), [ if test "$withval" != "no"; then if test "$withval" != "yes"; then CFLAGS="-I$withval/include $CFLAGS"

1 0

Alexander Barton : ngIRCd Release 20.2
by alex＠arthur.barton.de 15 Feb '13

15 Feb '13

Module: ngircd.git Branch: master Commit: 25b19e08e2083f7b1972820ca4c096687d7eeaca URL: http://ngircd.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git&a=commit;h=25b19e08… Author: Alexander Barton <alex(a)barton.de> Date: Fri Feb 15 12:18:02 2013 +0100 ngIRCd Release 20.2 (cherry picked from commit c45d9dd1f08fddb95fa01d62c69848cd753a3161) --- ChangeLog | 29 +++++++++++++++++++++++++++++ NEWS | 6 ++++++ contrib/Debian/changelog | 6 ++++++ contrib/ngircd.spec | 2 +- 4 files changed, 42 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index a4cfdb9..08d337f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,6 +9,35 @@ -- ChangeLog -- +ngIRCd 20.2 (2013-02-15) + + - Security: Fix a denial of service bug in the function handling KICK + commands that could be used by arbitrary users to to crash the daemon. + - WHO command: Use the currently "displayed hostname" (which can be cloaked!) + for hostname matching, not the real one. In other words: don't display all + the cloaked users on a specific real hostname! + - configure: The header file "netinet/in_systm.h" already is optional in + ngIRCd, so don't require it in the configure script. Now ngIRCd can be + built on Minix 3 again :-) + - Return better "Connection not registered as server link" errors: Now ngIRCd + returns a more specific error message for numeric ERR_NOTREGISTERED(451) + when a regular user tries to use a command that isn't allowed for users but + for servers. + - Don't report ERR_NEEDMOREPARAMS(461) when a MDOE command with more modes + than nicknames is handled, as well as for channel limit and key changes + without specifying the limit or key parameters. + This is how a lot (all?) other IRC servers behave, including ircd2.11, + InspIRCd, and ircd-seven. And because of clients (tested with Textual and + mIRC) sending bogus MODE commands like "MODE -ooo nick", end-users got the + expected result as well as correct but misleading error messages ... + - Correctly detect when SSL subsystem must be initialized and take + outgoing connections (server links!) into account, too. + - autogen.sh: Enforce serial test harness on GNU automake >=1.13. The + new parallel test harness which is enabled by default starting with + automake 1.13 isn't compatible with our test suite. + And don't use "egrep -o", insetead use "sed", because it isn't portable + and not available on OpenBSD, for example. + ngIRCd 20.1 (2013-01-02) - Allow ERROR command on server and service links only, ignore them and diff --git a/NEWS b/NEWS index be743e6..38f6029 100644 --- a/NEWS +++ b/NEWS @@ -9,6 +9,12 @@ -- NEWS -- +ngIRCd 20.2 (2013-02-15) + + - This release is a bugfix release only, without new features. + - Security: Fix a denial of service bug in the function handling KICK + commands that could be used by arbitrary users to to crash the daemon. + ngIRCd 20.1 (2013-01-02) - This release is a bugfix release only, without new features. diff --git a/contrib/Debian/changelog b/contrib/Debian/changelog index 03c3df6..2e39af0 100644 --- a/contrib/Debian/changelog +++ b/contrib/Debian/changelog @@ -1,3 +1,9 @@ +ngircd (20.2-0ab1) unstable; urgency=high + + * New "upstream" release, fixing a security related bug: ngIRCd 20.2. + + -- Alexander Barton <alex(a)barton.de> Fri, 15 Feb 2013 12:17:00 +0100 + ngircd (20.1-0ab1) unstable; urgency=low * New "upstream" release: ngIRCd 20.1. diff --git a/contrib/ngircd.spec b/contrib/ngircd.spec index fa0a6a1..e2448a4 100644 --- a/contrib/ngircd.spec +++ b/contrib/ngircd.spec @@ -1,5 +1,5 @@ %define name ngircd -%define version 20.1 +%define version 20.2 %define release 1 %define prefix %{_prefix}

1 0

Alexander Barton : ngIRCd Release 20.2
by alex＠arthur.barton.de 15 Feb '13

15 Feb '13

Module: ngircd.git Branch: branch-20.x Commit: c45d9dd1f08fddb95fa01d62c69848cd753a3161 URL: http://ngircd.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git&a=commit;h=c45d9dd1… Author: Alexander Barton <alex(a)barton.de> Date: Fri Feb 15 12:18:02 2013 +0100 ngIRCd Release 20.2 --- ChangeLog | 29 +++++++++++++++++++++++++++++ NEWS | 6 ++++++ contrib/Debian/changelog | 6 ++++++ contrib/ngircd.spec | 2 +- 4 files changed, 42 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index a4cfdb9..08d337f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,6 +9,35 @@ -- ChangeLog -- +ngIRCd 20.2 (2013-02-15) + + - Security: Fix a denial of service bug in the function handling KICK + commands that could be used by arbitrary users to to crash the daemon. + - WHO command: Use the currently "displayed hostname" (which can be cloaked!) + for hostname matching, not the real one. In other words: don't display all + the cloaked users on a specific real hostname! + - configure: The header file "netinet/in_systm.h" already is optional in + ngIRCd, so don't require it in the configure script. Now ngIRCd can be + built on Minix 3 again :-) + - Return better "Connection not registered as server link" errors: Now ngIRCd + returns a more specific error message for numeric ERR_NOTREGISTERED(451) + when a regular user tries to use a command that isn't allowed for users but + for servers. + - Don't report ERR_NEEDMOREPARAMS(461) when a MDOE command with more modes + than nicknames is handled, as well as for channel limit and key changes + without specifying the limit or key parameters. + This is how a lot (all?) other IRC servers behave, including ircd2.11, + InspIRCd, and ircd-seven. And because of clients (tested with Textual and + mIRC) sending bogus MODE commands like "MODE -ooo nick", end-users got the + expected result as well as correct but misleading error messages ... + - Correctly detect when SSL subsystem must be initialized and take + outgoing connections (server links!) into account, too. + - autogen.sh: Enforce serial test harness on GNU automake >=1.13. The + new parallel test harness which is enabled by default starting with + automake 1.13 isn't compatible with our test suite. + And don't use "egrep -o", insetead use "sed", because it isn't portable + and not available on OpenBSD, for example. + ngIRCd 20.1 (2013-01-02) - Allow ERROR command on server and service links only, ignore them and diff --git a/NEWS b/NEWS index be743e6..38f6029 100644 --- a/NEWS +++ b/NEWS @@ -9,6 +9,12 @@ -- NEWS -- +ngIRCd 20.2 (2013-02-15) + + - This release is a bugfix release only, without new features. + - Security: Fix a denial of service bug in the function handling KICK + commands that could be used by arbitrary users to to crash the daemon. + ngIRCd 20.1 (2013-01-02) - This release is a bugfix release only, without new features. diff --git a/contrib/Debian/changelog b/contrib/Debian/changelog index 03c3df6..2e39af0 100644 --- a/contrib/Debian/changelog +++ b/contrib/Debian/changelog @@ -1,3 +1,9 @@ +ngircd (20.2-0ab1) unstable; urgency=high + + * New "upstream" release, fixing a security related bug: ngIRCd 20.2. + + -- Alexander Barton <alex(a)barton.de> Fri, 15 Feb 2013 12:17:00 +0100 + ngircd (20.1-0ab1) unstable; urgency=low * New "upstream" release: ngIRCd 20.1. diff --git a/contrib/ngircd.spec b/contrib/ngircd.spec index fa0a6a1..e2448a4 100644 --- a/contrib/ngircd.spec +++ b/contrib/ngircd.spec @@ -1,5 +1,5 @@ %define name ngircd -%define version 20.1 +%define version 20.2 %define release 1 %define prefix %{_prefix}

1 0

Sebastian Köhler : KICK: Fix denial of service bug
by alex＠arthur.barton.de 15 Feb '13

15 Feb '13

Module: ngircd.git Branch: branch-20.x Commit: b3d4cf9081fc32df969760b5b58a21954a27d073 URL: http://ngircd.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git&a=commit;h=b3d4cf90… Author: Sebastian Köhler <sebkoehler(a)whoami.org.uk> Date: Thu Feb 14 19:21:01 2013 +0100 KICK: Fix denial of service bug Test if the user that it is to be kicked is on the channel before user channel modes are tested. Otherwise assert( cl2chan != NULL ); in line 742 would fail and stop the service. (cherry picked from commit 0e63fb3fa7ac4ca048e8c2b648d2be3fd0572311) --- src/ngircd/channel.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/ngircd/channel.c b/src/ngircd/channel.c index 00aafe0..b7c3570 100644 --- a/src/ngircd/channel.c +++ b/src/ngircd/channel.c @@ -326,6 +326,13 @@ Channel_Kick(CLIENT *Peer, CLIENT *Target, CLIENT *Origin, const char *Name, } } + /* Check that the client to be kicked is on the specified channel */ + if (!Channel_IsMemberOf(chan, Target)) { + IRC_WriteStrClient(Origin, ERR_USERNOTINCHANNEL_MSG, + Client_ID(Origin), Client_ID(Target), Name ); + return; + } + if(Client_Type(Peer) == CLIENT_USER) { /* Channel mode 'Q' and user mode 'q' on target: nobody but * IRC Operators and servers can kick the target user */ @@ -382,13 +389,6 @@ Channel_Kick(CLIENT *Peer, CLIENT *Target, CLIENT *Origin, const char *Name, } } - /* Check that the client to be kicked is on the specified channel */ - if (!Channel_IsMemberOf(chan, Target)) { - IRC_WriteStrClient(Origin, ERR_USERNOTINCHANNEL_MSG, - Client_ID(Origin), Client_ID(Target), Name ); - return; - } - /* Kick Client from channel */ Remove_Client( REMOVE_KICK, chan, Target, Origin, Reason, true); } /* Channel_Kick */

1 0

Sebastian Köhler : KICK: Fix denial of service bug
by alex＠arthur.barton.de 15 Feb '13

15 Feb '13

Module: ngircd.git Branch: master Commit: 0e63fb3fa7ac4ca048e8c2b648d2be3fd0572311 URL: http://ngircd.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git&a=commit;h=0e63fb3f… Author: Sebastian Köhler <sebkoehler(a)whoami.org.uk> Date: Thu Feb 14 19:21:01 2013 +0100 KICK: Fix denial of service bug Test if the user that it is to be kicked is on the channel before user channel modes are tested. Otherwise assert( cl2chan != NULL ); in line 742 would fail and stop the service. --- src/ngircd/channel.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/ngircd/channel.c b/src/ngircd/channel.c index 4eab272..45bf615 100644 --- a/src/ngircd/channel.c +++ b/src/ngircd/channel.c @@ -326,6 +326,13 @@ Channel_Kick(CLIENT *Peer, CLIENT *Target, CLIENT *Origin, const char *Name, } } + /* Check that the client to be kicked is on the specified channel */ + if (!Channel_IsMemberOf(chan, Target)) { + IRC_WriteStrClient(Origin, ERR_USERNOTINCHANNEL_MSG, + Client_ID(Origin), Client_ID(Target), Name ); + return; + } + if(Client_Type(Peer) == CLIENT_USER) { /* Channel mode 'Q' and user mode 'q' on target: nobody but * IRC Operators and servers can kick the target user */ @@ -382,13 +389,6 @@ Channel_Kick(CLIENT *Peer, CLIENT *Target, CLIENT *Origin, const char *Name, } } - /* Check that the client to be kicked is on the specified channel */ - if (!Channel_IsMemberOf(chan, Target)) { - IRC_WriteStrClient(Origin, ERR_USERNOTINCHANNEL_MSG, - Client_ID(Origin), Client_ID(Target), Name ); - return; - } - /* Kick Client from channel */ Remove_Client( REMOVE_KICK, chan, Target, Origin, Reason, true); } /* Channel_Kick */

1 0

Alexander Barton : sighandlers.c: Update some log messages
by alex＠arthur.barton.de 13 Feb '13

13 Feb '13

Module: ngircd.git Branch: master Commit: 3e723318961b452c851eda2bec2a322fc249bfce URL: http://ngircd.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git&a=commit;h=3e723318… Author: Alexander Barton <alex(a)barton.de> Date: Wed Feb 13 00:26:16 2013 +0100 sighandlers.c: Update some log messages --- src/ngircd/sighandlers.c | 24 ++++++++++-------------- 1 file changed, 10 insertions(+), 14 deletions(-) diff --git a/src/ngircd/sighandlers.c b/src/ngircd/sighandlers.c index 8f0a5a1..6d5ea8f 100644 --- a/src/ngircd/sighandlers.c +++ b/src/ngircd/sighandlers.c @@ -1,5 +1,6 @@ /* * ngIRCd -- The Next Generation IRC Daemon + * Copyright (c)2001-2013 Alexander Barton (alex(a)barton.de) and Contributors. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -40,7 +41,6 @@ static const int signals_catch[] = { SIGINT, SIGQUIT, SIGTERM, SIGHUP, SIGCHLD, SIGUSR1, SIGUSR2 }; - #ifdef DEBUG static void @@ -57,7 +57,6 @@ Dump_State(void) #endif - static void Signal_Block(int sig) { @@ -73,7 +72,6 @@ Signal_Block(int sig) #endif } - static void Signal_Unblock(int sig) { @@ -90,7 +88,6 @@ Signal_Unblock(int sig) #endif } - /** * Reload the server configuration file. */ @@ -117,18 +114,21 @@ Rehash(void) * be changed during run-time */ if (strcmp(old_name, Conf_ServerName) != 0 ) { strlcpy(Conf_ServerName, old_name, sizeof Conf_ServerName); - Log(LOG_ERR, "Can't change \"ServerName\" on runtime! Ignored new name."); + Log(LOG_ERR, + "Can't change \"ServerName\" on runtime! Ignored new name."); } if (old_nicklen != Conf_MaxNickLength) { Conf_MaxNickLength = old_nicklen; - Log(LOG_ERR, "Can't change \"MaxNickLength\" on runtime! Ignored new value."); + Log(LOG_ERR, + "Can't change \"MaxNickLength\" on runtime! Ignored new value."); } /* Create new pre-defined channels */ Channel_InitPredefined( ); if (!ConnSSL_InitLibrary()) - Log(LOG_WARNING, "Re-Initializing SSL failed, using old keys"); + Log(LOG_WARNING, + "Re-Initializing of SSL failed, using old keys!"); /* Start listening on sockets */ Conn_InitListeners( ); @@ -139,7 +139,6 @@ Rehash(void) Log( LOG_NOTICE|LOG_snotice, "Re-reading of configuration done." ); } /* Rehash */ - /** * Signal handler of ngIRCd. * This function is called whenever ngIRCd catches a signal sent by the @@ -198,7 +197,6 @@ Signal_Handler(int Signal) Signal_Block(Signal); } /* Signal_Handler */ - /** * Signal processing handler of ngIRCd. * This function is called from the main conn event loop in (io_dispatch) @@ -231,7 +229,6 @@ Signal_Handler_BH(int Signal) Signal_Unblock(Signal); } - static void Signal_Callback(int fd, short UNUSED what) { @@ -248,15 +245,15 @@ Signal_Callback(int fd, short UNUSED what) if (errno == EAGAIN || errno == EINTR) return; - Log(LOG_EMERG, "read from signal pipe: %s", strerror(errno)); + Log(LOG_EMERG, "Read from signal pipe: %s - Exiting!", + strerror(errno)); exit(1); } - Log(LOG_EMERG, "EOF on signal pipe"); + Log(LOG_EMERG, "EOF on signal pipe!? - Exiting!"); exit(1); } - /** * Initialize the signal handlers, catch * those signals we are interested in and sets SIGPIPE to be ignored. @@ -306,7 +303,6 @@ Signals_Init(void) return io_event_create(signalpipe[0], IO_WANTREAD, Signal_Callback); } /* Signals_Init */ - /** * Restores signals to their default behaviour. *

1 0

Alexander Barton : my_sd_listen_fds(): really return an "int"
by alex＠arthur.barton.de 11 Feb '13

11 Feb '13

Module: ngircd.git Branch: master Commit: 1438771124ed4730aca2d722595166e31ecd88c5 URL: http://ngircd.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git&a=commit;h=14387711… Author: Alexander Barton <alex(a)barton.de> Date: Mon Feb 11 23:25:13 2013 +0100 my_sd_listen_fds(): really return an "int" This fixes the following warning using Apple LLVM version 4.2 (clang-425.0.24) on OS X: src/ngircd/conn.c:157:9: Implicit conversion loses integer precision: 'long' to 'int' --- src/ngircd/conn.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/ngircd/conn.c b/src/ngircd/conn.c index 3a43042..3c1427d 100644 --- a/src/ngircd/conn.c +++ b/src/ngircd/conn.c @@ -139,7 +139,7 @@ static int my_sd_listen_fds(void) { const char *e; - long count; + int count; /* Check if LISTEN_PID exists; but we ignore the result, because * normally ngircd forks a child before checking this, and therefore @@ -151,7 +151,7 @@ my_sd_listen_fds(void) e = getenv("LISTEN_FDS"); if (!e || !*e) return -1; - count = atol(e); + count = atoi(e); unsetenv("LISTEN_FDS"); return count;

1 0

Alexander Barton : Merge branch 'bug155-allowAtInUser'
by alex＠arthur.barton.de 11 Feb '13

11 Feb '13

Module: ngircd.git Branch: master Commit: b95dfb3ffd798e00df54b52496963d2a998ccbb0 URL: http://ngircd.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git&a=commit;h=b95dfb3f… Author: Alexander Barton <alex(a)barton.de> Date: Mon Feb 11 13:58:30 2013 +0100 Merge branch 'bug155-allowAtInUser' * bug155-allowAtInUser: Allow "@" character in user names for authentication ---

1 0