Changeset 3183c21 for root_commands.c

Timestamp:

2008-09-06T22:59:32Z (16 years ago)

Author:

Wilmer van der Gaast <wilmer@…>

Branches:

master

Children:

15d1469

Parents:

0a4f6f4

Message:

Completely reviewed all uses of irc->password, irc_setpass() and
USTATUS_IDENTIFIED after another account overwriting vulnerability was
found by Tero Marttila.

File:

• root_commands.c (modified) (5 diffs)

root_commands.c

@@ -131 +131 @@
 static void cmd_identify( irc_t *irc, char **cmd )
 {
-        storage_status_t status = storage_load( irc->nick, cmd[1], irc );
+        storage_status_t status = storage_load( irc, cmd[1] );
         char *account_on[] = { "account", "on", NULL };
         
@@ -143 +143 @@
         case STORAGE_OK:
                 irc_usermsg( irc, "Password accepted, settings and accounts loaded" );
+                irc_setpass( irc, cmd[1] );
+                irc->status |= USTATUS_IDENTIFIED;
                 irc_umode_set( irc, "+R", 1 );
                 if( set_getbool( &irc->set, "auto_connect" ) )
@@ -162 +164 @@
         }
 
-        irc_setpass( irc, cmd[1] );
-        switch( storage_save( irc, FALSE )) {
+        switch( storage_save( irc, cmd[1], FALSE ) ) {
                 case STORAGE_ALREADY_EXISTS:
                         irc_usermsg( irc, "Nick is already registered" );
@@ -170 +171 @@
                 case STORAGE_OK:
                         irc_usermsg( irc, "Account successfully created" );
+                        irc_setpass( irc, cmd[1] );
                         irc->status |= USTATUS_IDENTIFIED;
                         irc_umode_set( irc, "+R", 1 );
@@ -887 +889 @@
 static void cmd_save( irc_t *irc, char **cmd )
 {
-        if( storage_save( irc, TRUE ) == STORAGE_OK )
+        if( ( irc->status & USTATUS_IDENTIFIED ) == 0 )
+                irc_usermsg( irc, "Please create an account first" );
+        else if( storage_save( irc, NULL, TRUE ) == STORAGE_OK )
                 irc_usermsg( irc, "Configuration saved" );
         else