Module: ngircd.git Branch: branch-20.x Commit: b3d4cf9081fc32df969760b5b58a21954a27d073 URL: http://ngircd.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git&a=commit;h=b3d4c...
Author: Sebastian Köhler sebkoehler@whoami.org.uk Date: Thu Feb 14 19:21:01 2013 +0100
KICK: Fix denial of service bug
Test if the user that it is to be kicked is on the channel before user channel modes are tested. Otherwise assert( cl2chan != NULL ); in line 742 would fail and stop the service. (cherry picked from commit 0e63fb3fa7ac4ca048e8c2b648d2be3fd0572311)
---
src/ngircd/channel.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/ngircd/channel.c b/src/ngircd/channel.c index 00aafe0..b7c3570 100644 --- a/src/ngircd/channel.c +++ b/src/ngircd/channel.c @@ -326,6 +326,13 @@ Channel_Kick(CLIENT *Peer, CLIENT *Target, CLIENT *Origin, const char *Name, } }
+ /* Check that the client to be kicked is on the specified channel */ + if (!Channel_IsMemberOf(chan, Target)) { + IRC_WriteStrClient(Origin, ERR_USERNOTINCHANNEL_MSG, + Client_ID(Origin), Client_ID(Target), Name ); + return; + } + if(Client_Type(Peer) == CLIENT_USER) { /* Channel mode 'Q' and user mode 'q' on target: nobody but * IRC Operators and servers can kick the target user */ @@ -382,13 +389,6 @@ Channel_Kick(CLIENT *Peer, CLIENT *Target, CLIENT *Origin, const char *Name, } }
- /* Check that the client to be kicked is on the specified channel */ - if (!Channel_IsMemberOf(chan, Target)) { - IRC_WriteStrClient(Origin, ERR_USERNOTINCHANNEL_MSG, - Client_ID(Origin), Client_ID(Target), Name ); - return; - } - /* Kick Client from channel */ Remove_Client( REMOVE_KICK, chan, Target, Origin, Reason, true); } /* Channel_Kick */