Changeset 3183c21 for storage_text.c


Timestamp:
2008-09-06T22:59:32Z (12 years ago)
Author:
Wilmer van der Gaast <wilmer@…>
Branches:
master
Children:
15d1469
Parents:
0a4f6f4
Message:

Completely reviewed all uses of irc->password, irc_setpass() and
USTATUS_IDENTIFIED after another account overwriting vulnerability was
found by Tero Marttila.

File:
1 edited

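--- a/storage_text.c
+++ b/storage_text.c
@@ -44,5 +44,5 @@
 }
 
-static storage_status_t text_load ( const char *my_nick, const char* password, irc_t *irc )
+static storage_status_t text_load( irc_t *irc, const char* password )
 {
         char s[512];
@@ -54,8 +54,5 @@
         account_t *acc, *acc_lookup[9];
        
-        if( irc->status & USTATUS_IDENTIFIED )
-                return( 1 );
-       
-        g_snprintf( s, 511, "%s%s%s", global.conf->configdir, my_nick, ".accounts" );
+        g_snprintf( s, 511, "%s%s%s", global.conf->configdir, irc->nick, ".accounts" );
         fp = fopen( s, "r" );
         if( !fp ) return STORAGE_NO_SUCH_USER;
@@ -68,8 +65,4 @@
                 return STORAGE_INVALID_PASSWORD;
         }
-       
-        /* Do this now. If the user runs with AuthMode = Registered, the
-           account command will not work otherwise. */
-        irc->status |= USTATUS_IDENTIFIED;
        
         while( fscanf( fp, "%511[^\n]s", s ) > 0 )
@@ -101,5 +94,5 @@
         }
        
-        g_snprintf( s, 511, "%s%s%s", global.conf->configdir, my_nick, ".nicks" );
+        g_snprintf( s, 511, "%s%s%s", global.conf->configdir, irc->nick, ".nicks" );
         fp = fopen( s, "r" );
         if( !fp ) return STORAGE_NO_SUCH_USER;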
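Review bot: In the lines shown, text_load() no longer checks or sets USTATUS_IDENTIFIED, so refusing a second load on an identified session and setting the flag only after a successful load are now the callers' job, and nothing at the function says so. A comment above the new signature on line 46 would keep that from regressing, for example `/* Does not check or set USTATUS_IDENTIFIED; the caller must do both, setting it only after a successful load. */`. Separately, the g_snprintf() calls on new lines 56 and 96 build the file path from irc->nick and ignore truncation at 511 bytes. Nick validation presumably happens before this point, but that is not visible here, so it is worth confirming that a nick can never contain a path separator. The body of text_load continues outside the displayed hunks.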