Branch: refs/heads/master Home: https://github.com/ngircd/ngircd Commit: 6a622c0084ec69563609804520e2753501254503 https://github.com/ngircd/ngircd/commit/6a622c0084ec69563609804520e275350125... Author: Alexander Barton alex@barton.de Date: 2018-03-11 (Sun, 11 Mar 2018)

Changed paths: M contrib/MacOSX/ngIRCd.xcodeproj/project.pbxproj

Log Message: ----------- Update Xcode project for latest Xcode version (9.2)

This includes adding missing and deleting obsolete file references.

Commit: ac341176da5bbe99a9b07353f6e9790575ce1493 https://github.com/ngircd/ngircd/commit/ac341176da5bbe99a9b07353f6e9790575ce... Author: Alexander Barton alex@barton.de Date: 2018-03-11 (Sun, 11 Mar 2018)

Changed paths: M src/ngircd/irc-channel.c

Log Message: ----------- Only send TOPIC updates to a channel when the topic actually changed

This prevents the channel from becoming flooded by unecessary TOPIC update messages, that can happen when IRC services try to enforce a certain topic but which is already set (at least on the local server), for example. Therefore still forward it to all servers, but don't inform local clients (still update setter and timestamp information, though!)

Commit: 798de94d6556bdf2c6019f368ad7441fe6e2d1be https://github.com/ngircd/ngircd/commit/798de94d6556bdf2c6019f368ad7441fe6e2... Author: Alexander Barton alex@barton.de Date: 2018-03-11 (Sun, 11 Mar 2018)

Changed paths: M src/ngircd/irc.c

Log Message: ----------- Fix use-after-free while handling ERROR during client login

This patch fixes a "use after free" bug which is hit while processing ERROR commands while a new client is logging into the server, which leads to only the CLIENT structure becoming freed, but not the CONNECTION structure, too. And this leads to the daemon accessing the already freed CLIENT structure later on ...

So now IRC_ERROR() uses the correct function Conn_Close() to correctly free both structures.

The CONNECTION structure is cleaned up later on, and the freed CLIENT structure can't be overwritten during normal operations, therefore this bug normally can't crash (DoS) the service -- but you can easily hit it when using the GCC option "-fsanitize=address", or run ngIRCd with Valgrind.

Thanks a lot to Joseph Bisch joseph.bisch@gmail.com for discovering and reporting this issue!

Compare: https://github.com/ngircd/ngircd/compare/91ef17aba2b0...798de94d6556