Fixes for 1.13

Fix heap-buffer-overflow
michaelortmann · Jun 5, 2024 · 18ac8e3 · 18ac8e3
1 parent 2b7722d
commit 18ac8e3
Show file tree

Hide file tree

Showing 5 changed files with 12 additions and 10 deletions.
diff --git a/README b/README
@@ -24,8 +24,8 @@ Unfortunately, you need to compile stats.mod within your eggdrop source,
 so if you removed your original compile directory, you'll have to
 compile the whole bot again... sorry.
 
-Put stats.mod.1.12.tar.gz in ~/eggdrop-1.9.5/src/mod/,
-and unpack it (tar xfz stats.mod-1.12.tar.gz). Change directory
+Put stats.mod.1.13.tar.gz in ~/eggdrop-1.9.5/src/mod/,
+and unpack it (tar xfz stats.mod-1.13.tar.gz). Change directory
 back to ~/eggdrop-1.9.5/. Type 'make config'. Type 'make', wait until compiling
 is done and use 'make install' to install the bot and stats.mod.
 

diff --git a/UPDATES b/UPDATES
@@ -1,5 +1,8 @@
 Changes in Stats.mod: (since v1.0.1)
 --------------------
+1.13
+- Fixed heap-buffer-overflow
+
 1.12
 - Fix restrict
 - Fix typo

diff --git a/core/slang.c b/core/slang.c
@@ -161,7 +161,7 @@ static int slang_load(struct slang_header *slang, char *filename)
     return 0;
   }
   line = 0;
-  while (fgets(buf, (sizeof buf) - 1, f)) {
+  while (fgets(buf, sizeof buf, f)) {
     line++;
     // at first, kill those stupid line feeds and carriage returns...
     if (buf[strlen(buf) - 1] == '\n')

diff --git a/core/templates.c b/core/templates.c
@@ -61,7 +61,7 @@ static int expmem_templates()
 static int loadskin(char *parbuf)
 {
   FILE *f;
-  char *buf, *s, *cmd, *str_skin, *name, *filename, *shortname, *longname;
+  char buf[2000], *s, *cmd, *str_skin, *name, *filename, *shortname, *longname;
   char *conffile, *path, *filebuf;
   struct template_skin *skin;
   struct template_content *content;
@@ -83,13 +83,14 @@ static int loadskin(char *parbuf)
     debug1("empty path, new path: %s", path);
   }
   skin = NULL;
-  buf = nmalloc(2000);
   while (!feof(f)) {
     s = buf;
-    if (fgets(s, 2000, f)) {
+    if (fgets(s, sizeof buf, f)) {
       // at first, kill those stupid line feeds and carriage returns...
       if (s[strlen(s) - 1] == '\n')
         s[strlen(s) - 1] = 0;
+      if (!s[0])
+        continue;
       if (s[strlen(s) - 1] == '\r')
         s[strlen(s) - 1] = 0;
       if (!s[0])
@@ -103,7 +104,6 @@ static int loadskin(char *parbuf)
         if (!skin) {
           putlog(LOG_MISC, "*", "ERROR loading skin: unknown error creating skin structure!");
           fclose(f);
-          nfree(buf);
           return 0;
         }
       } else if (!strcasecmp(cmd, "template")) {
@@ -149,7 +149,6 @@ static int loadskin(char *parbuf)
       }
     }
   }
-  nfree(buf);
   return 1;
 }
 

diff --git a/stats.c b/stats.c
@@ -31,7 +31,7 @@
 
 #define MAKING_STATS
 #define MODULE_NAME "stats"
-#define MODULE_VERSION "1.12"
+#define MODULE_VERSION "1.13"
 #ifndef NO_EGG
 #include "../module.h"
 #include "../irc.mod/irc.h"
@@ -446,7 +446,7 @@ char *stats_start(Function * global_funcs)
 
   chanlangs = NULL;
   slang_glob_init();
-  module_register(MODULE_NAME, stats_table, 1, 12);
+  module_register(MODULE_NAME, stats_table, 1, 13);
   if (!(irc_funcs = module_depend(MODULE_NAME, "irc", 1, 0)))
     return "You need the irc module to use the stats module.";
   if (!(server_funcs = module_depend(MODULE_NAME, "server", 1, 0)))