View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0003596unrealircdpublic2008-01-27 00:582008-02-04 15:29
Reportersatmd Assigned To 
PrioritynormalSeveritycrashReproducibilitysometimes
Status closedResolutionwont fix 
Product Version3.2.7 
Summary0003596: proper input valiation in src/match.c (match2)
DescriptionWe just had an occurence of a crash in

# Program terminated with signal 11, Segmentation fault.
# #0 match (mask=0xbf8dd2b4 "erik*!*@*", name=0x0) at match.c:152
# 152 if (!*n)

n gets initialized to name's value (0x0).

I remember seeing this problem prior to 3.2.5 and had a long discussion in #unreal-support on this issue

Back then, I argued that we should not assume modules are free of errors and should do proper input validation in any function that's accessible from modules (and probably used - such as match/match2).

Instead, we kept things as is.

Now we see the *exact* same problem at the very *exact* same line - but probably invoked from another source:
-> src/match.c, line 152

n got initialized to 0x0, and we do a check on *n without checking for n itself first.

Therefore I suggest a small change to that line:
from: if (!*n)
to: if(n && (!*n))

We could also consider return'ing early for (!n).
Steps To ReproduceBack when I originally reported this problem on IRC (might be a year or two), it was a module that specified name as NULL (but I dunno wether that was implicit or explicit), but today we have (/modules output):
m_hostforward - $Id: m_hostforward.c,v 1.0.2 2005/02/15 16:13:15 Special Exp $ (Forward users by hostmask to another channel) [PERM] [3RD]
cloak - $Id: cloak.c,v 1.1.2.3 2005/02/04 00:26:37 syzop Exp $ (Official cloaking module (md5))
commands - $Id: l_commands.c,v 1.1.2.63.2.11 2007/01/22 12:46:54 syzop Exp $ (Wrapper library for m_ commands)
Hooks: 1 2 6 11 13 15 16 17 18 27 31 33
Override:

We can either blame it on a yet-to-find bug in m_hostforward (as the only 3rd party module) or simply add the validation.
3rd party modules

Activities

satmd

2008-01-27 01:04

reporter   ~0014999

3rd party module: m_hostforward

syzop

2008-02-04 15:29

administrator   ~0015023

well, you cannot just throw NULL's to a function and expect it not to crash, unless a function specifically mentions NULL is ok... that's C.

Issue History

Date Modified Username Field Change
2008-01-27 00:58 satmd New Issue
2008-01-27 01:04 satmd Note Added: 0014999
2008-02-04 15:29 syzop QA => Not touched yet by developer
2008-02-04 15:29 syzop U4: Need for upstream patch => No need for upstream InspIRCd patch
2008-02-04 15:29 syzop Status new => closed
2008-02-04 15:29 syzop Note Added: 0015023
2008-02-04 15:29 syzop Resolution open => wont fix