Changeset 3183c21 for root_commands.c


Ignore:
Timestamp:
2008-09-06T22:59:32Z (11 years ago)
Author:
Wilmer van der Gaast <wilmer@…>
Branches:
master
Children:
15d1469
Parents:
0a4f6f4
Message:

Completely reviewed all uses of irc->password, irc_setpass() and
USTATUS_IDENTIFIED after another account overwriting vulnerability was
found by Tero Marttila.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • root_commands.c

    r0a4f6f4 r3183c21  
    131131static void cmd_identify( irc_t *irc, char **cmd )
    132132{
    133         storage_status_t status = storage_load( irc->nick, cmd[1], irc );
     133        storage_status_t status = storage_load( irc, cmd[1] );
    134134        char *account_on[] = { "account", "on", NULL };
    135135       
     
    143143        case STORAGE_OK:
    144144                irc_usermsg( irc, "Password accepted, settings and accounts loaded" );
     145                irc_setpass( irc, cmd[1] );
     146                irc->status |= USTATUS_IDENTIFIED;
    145147                irc_umode_set( irc, "+R", 1 );
    146148                if( set_getbool( &irc->set, "auto_connect" ) )
     
    162164        }
    163165
    164         irc_setpass( irc, cmd[1] );
    165         switch( storage_save( irc, FALSE )) {
     166        switch( storage_save( irc, cmd[1], FALSE ) ) {
    166167                case STORAGE_ALREADY_EXISTS:
    167168                        irc_usermsg( irc, "Nick is already registered" );
     
    170171                case STORAGE_OK:
    171172                        irc_usermsg( irc, "Account successfully created" );
     173                        irc_setpass( irc, cmd[1] );
    172174                        irc->status |= USTATUS_IDENTIFIED;
    173175                        irc_umode_set( irc, "+R", 1 );
     
    887889static void cmd_save( irc_t *irc, char **cmd )
    888890{
    889         if( storage_save( irc, TRUE ) == STORAGE_OK )
     891        if( ( irc->status & USTATUS_IDENTIFIED ) == 0 )
     892                irc_usermsg( irc, "Please create an account first" );
     893        else if( storage_save( irc, NULL, TRUE ) == STORAGE_OK )
    890894                irc_usermsg( irc, "Configuration saved" );
    891895        else
Note: See TracChangeset for help on using the changeset viewer.