Skip to content

Commit

Permalink
JUPE: cleanup code and fix UAF bugs
Browse files Browse the repository at this point in the history
  • Loading branch information
retropc committed Oct 3, 2023
1 parent 918c24c commit 2f7e3ce
Show file tree
Hide file tree
Showing 3 changed files with 33 additions and 61 deletions.
70 changes: 31 additions & 39 deletions jupe/jupe.c
Original file line number Diff line number Diff line change
Expand Up @@ -10,9 +10,11 @@
#include "../lib/irc_string.h"
#include "jupe.h"

jupe_t *jupes = NULL;
static jupe_t *jupes = NULL;

int handlejupe(void *source, int cargc, char **cargv);
static int handlejupe(void *source, int cargc, char **cargv);
static jupe_t *make_jupe(char *server, char *reason, time_t expirets, time_t lastmod, unsigned int flags);
static void jupe_free(jupe_t *);

void _init() {
/* If we're connected to IRC, force a disconnect. */
Expand All @@ -25,21 +27,18 @@ void _init() {
}

void _fini() {
jupe_t *next;

while (jupes) {
/* keep a pointer to the next item */
next = jupes->ju_next;
jupe_t *next = jupes->ju_next;

free(jupes);
jupe_free(jupes);

jupes = next;
}

deregisterserverhandler("JU", &handlejupe);
}

int handlejupe(void *source, int cargc, char **cargv) {
static int handlejupe(void *source, int cargc, char **cargv) {
char *server, *expire, *modtime, *reason;
jupe_t *jupe;
unsigned int flags;
Expand Down Expand Up @@ -115,46 +114,39 @@ void jupe_propagate(jupe_t *jupe) {
JupeReason(jupe));
}

void jupe_expire(void) {
jupe_find(NULL);
}

jupe_t *jupe_find(char *server) {
jupe_t *jupe = jupes;
static void jupe_expire(void) {
time_t nettime = getnettime();

while (jupe) {
/* server == NULL if jupe_find() is used by jupe_expire */
if (server && ircd_strcmp(server, JupeServer(jupe)) == 0)
return jupe;

if (jupe->ju_next && jupe->ju_next->ju_expire < getnettime())
jupe_free(jupe->ju_next);

jupe = jupe->ju_next;
for (jupe_t **p = &jupes, *j = *p; j; j = *p) {
if (j->ju_expire <= nettime) {
*p = j->ju_next;
jupe_free(j);
} else {
p = &j->ju_next;
}
}

if (jupes && jupes->ju_expire < getnettime())
jupe_free(jupes);

return NULL;
}

void jupe_free(jupe_t *jupe) {
jupe_t *trav = jupes;
jupe_t *jupe_next(jupe_t *current) {
if (current == NULL) {
jupe_expire();
return jupes;
}

if (jupe == jupes)
jupes = jupe->ju_next;
else {
while (trav) {
if (trav->ju_next == jupe) {
trav->ju_next = jupe->ju_next;
break;
}
return current->ju_next;
}

trav = trav->ju_next;
jupe_t *jupe_find(char *server) {
for (jupe_t *jupe = jupe_next(NULL); jupe; jupe = jupe_next(jupe)) {
if (ircd_strcmp(server, JupeServer(jupe)) == 0) {
return jupe;
}
}

return NULL;
}

static void jupe_free(jupe_t *jupe) {
freesstring(jupe->ju_server);
freesstring(jupe->ju_reason);
free(jupe);
Expand Down
9 changes: 1 addition & 8 deletions jupe/jupe.h
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,6 @@ typedef struct jupe_s {
unsigned int ju_flags;
} jupe_t;

extern jupe_t *jupes;

#define JUPE_MAX_EXPIRE 604800

#define JUPE_ACTIVE 0x0001
Expand All @@ -19,13 +17,8 @@ extern jupe_t *jupes;
#define JupeReason(j) ((j)->ju_reason->content)
#define JupeLastMod(j) ((j)->ju_lastmod)

void jupe_propagate(jupe_t *jupe);
jupe_t *make_jupe(char *server, char *reason, time_t expirets, time_t lastmod, unsigned int flags);
void jupe_free(jupe_t *jupe);

/* (public) functions for using/modifying jupes */
jupe_t *jupe_find(char *server);
void jupe_activate(jupe_t *jupe);
void jupe_deactivate(jupe_t *jupe);
int jupe_add(char *server, char *reason, time_t duration, unsigned int flags);
void jupe_expire(void); /* call this before directly using the jupes list */
jupe_t *jupe_next(jupe_t *current);
15 changes: 1 addition & 14 deletions jupe/jupe_commands.c
Original file line number Diff line number Diff line change
Expand Up @@ -13,8 +13,6 @@ int ju_addjupe(void *source, int cargc, char **cargv) {
return CMD_USAGE;
}

jupe_expire();

if (jupe_find(cargv[0]) != NULL) {
controlreply(np, "There is already a jupe for that server.");
return CMD_OK;
Expand Down Expand Up @@ -46,8 +44,6 @@ int ju_activatejupe(void *source, int cargc, char **cargv) {
return CMD_USAGE;
}

jupe_expire();

jupe = jupe_find(cargv[0]);

if (jupe == NULL) {
Expand Down Expand Up @@ -76,8 +72,6 @@ int ju_deactivatejupe(void *source, int cargc, char **cargv) {
return CMD_USAGE;
}

jupe_expire();

jupe = jupe_find(cargv[0]);

if (jupe == NULL) {
Expand All @@ -99,18 +93,11 @@ int ju_deactivatejupe(void *source, int cargc, char **cargv) {

int ju_jupelist(void *source, int cargc, char **cargv) {
nick *np = (nick*)source;
jupe_t *jupe;

jupe_expire();

jupe = jupes;

controlreply(np, "Server Reason Expires Status");

while (jupe) {
for (jupe_t *jupe = jupe_next(NULL); jupe; jupe = jupe_next(jupe)) {
controlreply(np, "%s %s %s %s", JupeServer(jupe), JupeReason(jupe), longtoduration(jupe->ju_expire - getnettime(), 0), (jupe->ju_flags & JUPE_ACTIVE) ? "activated" : "deactivated");

jupe = jupe->ju_next;
}

controlreply(np, "--- End of JUPE list.");
Expand Down

0 comments on commit 2f7e3ce

Please sign in to comment.