bitchx: add security patch for dcc
This commit is contained in:
parent
40926f38fb
commit
112f081a47
|
@ -0,0 +1,76 @@
|
|||
diff --git include/dcc.h include/dcc.h
|
||||
index 9cc1e7c..3e4f12d 100644
|
||||
--- include/dcc.h
|
||||
+++ include/dcc.h
|
||||
@@ -97,6 +97,7 @@
|
||||
#define DCC_OFFER 0x00040000
|
||||
#define DCC_DELETE 0x00080000
|
||||
#define DCC_TWOCLIENTS 0x00100000
|
||||
+#define DCC_RESUME_REQ 0x00200000
|
||||
|
||||
#ifdef NON_BLOCKING_CONNECTS
|
||||
#define DCC_CNCT_PEND 0x00200000
|
||||
diff --git source/dcc.c source/dcc.c
|
||||
index d0706f8..b158189 100644
|
||||
--- source/dcc.c
|
||||
+++ source/dcc.c
|
||||
@@ -1415,6 +1415,7 @@ UserList *ul = NULL;
|
||||
if (autoresume && stat(fullname, &sb) != -1) {
|
||||
n->transfer_orders.byteoffset = sb.st_size;
|
||||
n->bytes_read = 0L;
|
||||
+ new_d->sock.flags |= DCC_RESUME_REQ;
|
||||
send_ctcp(CTCP_PRIVMSG, nick, CTCP_DCC, "RESUME %s %d %ld", n->filename, ntohs(n->remport), sb.st_size);
|
||||
} else {
|
||||
DCC_int *new = NULL;
|
||||
@@ -3430,6 +3431,7 @@ void dcc_getfile_resume_start (char *nick, char *description, char *address, cha
|
||||
{
|
||||
SocketList *s;
|
||||
DCC_int *n;
|
||||
+const DCC_List *pending;
|
||||
char *tmp = NULL;
|
||||
char *fullname = NULL;
|
||||
struct stat sb;
|
||||
@@ -3442,6 +3444,14 @@ struct stat sb;
|
||||
put_it("%s", convert_output_format("$G %RDCC%n warning in dcc_getfile_resume_start", NULL));
|
||||
return;
|
||||
}
|
||||
+
|
||||
+ pending = find_dcc_pending(nick, description, NULL, DCC_FILEREAD, 0, -1);
|
||||
+ if (!pending || !(pending->sock.flags & DCC_RESUME_REQ))
|
||||
+ {
|
||||
+ put_it("%s", convert_output_format("$G %RDCC%n Ignoring unsolicited ACCEPT from $0", "%s", nick));
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
if (!(n = dcc_create(nick, description, NULL, 0, port?atol(port):0, DCC_FILEREAD, DCC_TWOCLIENTS|DCC_OFFER, start_dcc_get)))
|
||||
return;
|
||||
|
||||
@@ -3488,17 +3498,13 @@ int blocksize = 0;
|
||||
user = get_dcc_args(&args, &passwd, &port, &blocksize);
|
||||
if (!user)
|
||||
{
|
||||
- put_it("%s", convert_output_format("$G %RDCC%n You must supply a nickname for DCC get", NULL, NULL));
|
||||
+ put_it("%s", convert_output_format("$G %RDCC%n You must supply a nickname for DCC RESUME", NULL));
|
||||
return;
|
||||
}
|
||||
+
|
||||
if (!blocksize || blocksize > MAX_DCC_BLOCK_SIZE)
|
||||
blocksize = get_int_var(DCC_BLOCK_SIZE_VAR);
|
||||
|
||||
- if (!user)
|
||||
- {
|
||||
- put_it("%s", convert_output_format("$G %RDCC%n You must supply a nickname for DCC RESUME", NULL));
|
||||
- return;
|
||||
- }
|
||||
if (args && *args)
|
||||
filename = args;
|
||||
|
||||
@@ -3557,6 +3563,8 @@ int blocksize = 0;
|
||||
n->blocksize = blocksize;
|
||||
n->transfer_orders.byteoffset = sb.st_size;
|
||||
|
||||
+ s->flags |= DCC_RESUME_REQ;
|
||||
+
|
||||
old_dp = doing_privmsg; old_dn = doing_notice; old_dc = in_ctcp_flag;
|
||||
/* Just in case we have to fool the protocol enforcement. */
|
||||
doing_privmsg = doing_notice = in_ctcp_flag = 0;
|
|
@ -1,7 +1,7 @@
|
|||
# Template file for 'bitchx'
|
||||
pkgname=bitchx
|
||||
version=1.2.1
|
||||
revision=6
|
||||
revision=7
|
||||
build_style=gnu-configure
|
||||
configure_args="--with-ssl --with-ipv6 --with-plugins"
|
||||
makedepends="libressl-devel ncurses-devel"
|
||||
|
|
Loading…
Reference in New Issue