From 5f2e79c949e44002ecca576cee0aecd1e02fbdf8 Mon Sep 17 00:00:00 2001
From: Michael Ortmann
Date: Mon, 16 Oct 2023 09:40:06 +0200
Subject: [PATCH 1/3] Fix snprintf() overlaps destination object for optimize_kicks == 2
---
 src/mod/server.mod/server.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/src/mod/server.mod/server.c b/src/mod/server.mod/server.c
index aea437f66..448724422 100644
--- a/src/mod/server.mod/server.c
+++ b/src/mod/server.mod/server.c
@@ -568,13 +568,16 @@ static void check_queues(char *oldnick, char *newnick)
static void parse_q(struct msgq_head *q, char *oldnick, char *newnick) { struct msgq *m, *lm = NULL; - char buf[SENDLINEMAX], *msg, *nicks, *nick, *chan, newnicks[SENDLINEMAX], newmsg[SENDLINEMAX]; + char buf[SENDLINEMAX], *msg, *nicks, *nick, *chan, newnicks[SENDLINEMAX], + newmsg[SENDLINEMAX]; int changed; + size_t len; for (m = q->head; m;) { changed = 0; - if (optimize_kicks == 2 && !strncasecmp(m->msg, "KICK ", 5)) { + if (optimize_kicks == 2 && !strncasecmp(m->msg, "KICK", 4)) { newnicks[0] = 0; + len = 0; strlcpy(buf, m->msg, sizeof buf); msg = buf; newsplit(&msg);
@@ -586,10 +589,11 @@ static void parse_q(struct msgq_head *q, char *oldnick, char *newnick)
((9 + strlen(chan) + strlen(newnicks) + strlen(newnick) + strlen(nicks) + strlen(msg)) < SENDLINEMAX-1)) { if (newnick) - egg_snprintf(newnicks, sizeof newnicks, "%s,%s", newnicks, newnick); + len += snprintf(newnicks + len, (sizeof newnicks) - len, ",%s", + newnick); /* Concatenation */ changed = 1; } else - egg_snprintf(newnicks, sizeof newnicks, ",%s", nick); + snprintf(newnicks, sizeof newnicks, ",%s", nick); } egg_snprintf(newmsg, sizeof newmsg, "KICK %s %s %s", chan, newnicks + 1, msg);
From 1185f99df212b04885e10e0179f24bde4968a65b Mon Sep 17 00:00:00 2001
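Review bot: The prefix test in parse_q now compares only four characters, `!strncasecmp(m->msg, "KICK", 4)`, so any queued line that merely begins with KICK is split and rewritten as if it were a KICK command, whereas the old `"KICK ", 5` form required the separating space. The commit subject is about the overlapping snprintf() and does not mention this change. If it is not intentional, keep `!strncasecmp(m->msg, "KICK ", 5)`; if it is, a one-line comment saying why the space is no longer required would help. parse_q's body continues past the end of this hunk.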
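Review bot: The else branch still formats at the start of the buffer, `snprintf(newnicks, sizeof newnicks, ",%s", nick);`, and never updates `len`, so once it has run `len` no longer equals strlen(newnicks). A later match then writes at `newnicks + len`, which lands either on top of what the else branch wrote or beyond its terminator, and the guard above measures strlen(newnicks) rather than `len`, so it does not bound that offset. snprintf() also returns the length it wanted to write, so if `len` ever exceeded sizeof newnicks the size argument `(sizeof newnicks) - len` would wrap as a size_t. I would keep a single offset for both branches, e.g. `len += snprintf(newnicks + len, sizeof newnicks - len, ",%s", nick);` in the else branch (assuming it is meant to append; the old code overwrote there too), and stop appending once a return value reaches the remaining space. The while loop starts outside this hunk.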
From: Michael Ortmann
Date: Mon, 16 Oct 2023 10:31:39 +0200
Subject: [PATCH 2/3] Optimize: egg_snprintf(newmsg) only if we have to and no need to strlen() when we already got the len returned from snprintf()
---
 src/mod/server.mod/server.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/src/mod/server.mod/server.c b/src/mod/server.mod/server.c
index 448724422..ca00258ed 100644
--- a/src/mod/server.mod/server.c
+++ b/src/mod/server.mod/server.c
@@ -595,8 +595,7 @@ static void parse_q(struct msgq_head *q, char *oldnick, char *newnick)
} else snprintf(newnicks, sizeof newnicks, ",%s", nick); } - egg_snprintf(newmsg, sizeof newmsg, "KICK %s %s %s", chan, - newnicks + 1, msg); + } if (changed) { if (newnicks[0] == 0) {
@@ -611,9 +610,11 @@ static void parse_q(struct msgq_head *q, char *oldnick, char *newnick)
 if (!q->head)
 q->last = 0;
 } else {
+ len = egg_snprintf(newmsg, sizeof newmsg, "KICK %s %s %s", chan,
+ newnicks + 1, msg);
 nfree(m->msg);
- m->msg = nmalloc(strlen(newmsg) + 1);
- m->len = strlen(newmsg);
+ m->msg = nmalloc(len + 1);
+ m->len = len;
 strcpy(m->msg, newmsg);
 }
 }
From 86beaabe67f5d7ddd7b3c6086cbdcbf2e6c55ed0 Mon Sep 17 00:00:00 2001
From: Michael Ortmann
Date: Mon, 16 Oct 2023 10:55:11 +0200
Subject: [PATCH 3/3] egg_snprintf() -> snprintf() and fix a format truncation warning
---
 src/mod/server.mod/server.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/mod/server.mod/server.c b/src/mod/server.mod/server.c
index ca00258ed..c3ce0735e 100644
--- a/src/mod/server.mod/server.c
+++ b/src/mod/server.mod/server.c
@@ -568,7 +568,7 @@ static void check_queues(char *oldnick, char *newnick)
 static void parse_q(struct msgq_head *q, char *oldnick, char *newnick)
 {
 struct msgq *m, *lm = NULL;
- char buf[SENDLINEMAX], *msg, *nicks, *nick, *chan, newnicks[SENDLINEMAX],
+ char buf[SENDLINEMAX], *msg, *nicks, *nick, *chan, newnicks[SENDLINEMAX - 8],
 newmsg[SENDLINEMAX];
 int changed;
 size_t len;
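Review bot: `len` is taken straight from the formatter's return value and then used as both the allocation size and `m->len`, with no check that the output actually fitted in newmsg. Assuming egg_snprintf() follows snprintf()'s convention of returning the length it would have written, a truncated result leaves `m->len` larger than the string that strcpy() places in m->msg, and a negative return would convert to a very large size_t. Whether truncation is reachable depends on the guard in the nick loop, which is outside this hunk. A clamp before the allocation keeps the two in step, `if (len >= sizeof newmsg) len = sizeof newmsg - 1;`, with `memcpy(m->msg, newmsg, len + 1);` in place of strcpy(). The same lines are carried into the last hunk of PATCH 3/3, where the call becomes snprintf().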
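Review bot: The new bound `newnicks[SENDLINEMAX - 8]` is unexplained in the code; only the commit subject says it is there to quiet a format truncation warning, presumably the one raised where newnicks is formatted into newmsg. A short comment on the declaration would stop a later reader from "restoring" the full size, for example `/* SENDLINEMAX - 8: avoids a format truncation warning when newnicks is formatted into newmsg */`. The guard in the nick loop is still written in terms of SENDLINEMAX, so the two limits now live in different places; that loop is outside this hunk.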
@@ -610,8 +610,8 @@ static void parse_q(struct msgq_head *q, char *oldnick, char *newnick)
 if (!q->head)
 q->last = 0;
 } else {
- len = egg_snprintf(newmsg, sizeof newmsg, "KICK %s %s %s", chan,
- newnicks + 1, msg);
+ len = snprintf(newmsg, sizeof newmsg, "KICK %s %s %s", chan,
+ newnicks + 1, msg);
 nfree(m->msg);
 m->msg = nmalloc(len + 1);
 m->len = len;