From 605924e3eaa55de1dd6a6d111286d76688513dec Mon Sep 17 00:00:00 2001
From: brain
Date: Sat, 13 Oct 2007 21:27:36 +0000
Subject: [PATCH] Extra sanity checks to openssl module events to check for out of range file descriptors
git-svn-id: http://svn.inspircd.org/repository/branches/1_1_stable@8156 e03df62e-2008-0410-955e-edbf42e46eb7
---
 src/cull_list.cpp | 2 +-
 src/modules/extra/m_ssl_gnutls.cpp | 20 ++++++++++++++++++++
 src/modules/extra/m_ssl_openssl.cpp | 20 ++++++++++++++++++++
 3 files changed, 41 insertions(+), 1 deletion(-)
diff --git a/src/cull_list.cpp b/src/cull_list.cpp
index ee257350e..ecc09c24a 100644
--- a/src/cull_list.cpp
+++ b/src/cull_list.cpp
@@ -191,7 +191,7 @@ int CullList::Apply()
 ServerInstance->local_users.erase(x);
 }
 ServerInstance->clientlist->erase(iter);
- DELETE(a->GetUser());
+ delete a->GetUser();
 }
 list.erase(list.begin());
diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp
index 8092c5708..310224dcb 100644
--- a/src/modules/extra/m_ssl_gnutls.cpp
+++ b/src/modules/extra/m_ssl_gnutls.cpp
@@ -348,6 +348,10 @@ class ModuleSSLGnuTLS : public Module
 virtual void OnRawSocketAccept(int fd, const std::string &ip, int localport)
 {
+ /* Are there any possibilities of an out of range fd? Hope not, but lets be paranoid */
+ if ((fd < 0) || (fd > MAX_DESCRIPTORS))
+ return;
+
 issl_session* session = &sessions[fd];
 session->fd = fd;
@@ -377,6 +381,10 @@ class ModuleSSLGnuTLS : public Module
 virtual void OnRawSocketConnect(int fd)
 {
+ /* Are there any possibilities of an out of range fd? Hope not, but lets be paranoid */
+ if ((fd < 0) || (fd > MAX_DESCRIPTORS))
+ return;
+
 issl_session* session = &sessions[fd];
 session->fd = fd;
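Review bot: The change from `DELETE(a->GetUser())` to a plain `delete a->GetUser();` in CullList::Apply is not mentioned in the commit message, which describes only the SSL descriptor checks. The definition of DELETE is not visible on this page, so a reader cannot tell whether the macro did more than the delete itself. A short comment on the new line, for example `/* plain delete instead of DELETE(): <reason> */`, or a sentence in the commit description, would record why it was dropped. Apply()'s body continues outside the hunk.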
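Review bot: The upper bound of the new guard in ModuleSSLGnuTLS::OnRawSocketAccept lets `fd == MAX_DESCRIPTORS` through, and the next line then takes `&sessions[fd]`. The declaration of `sessions` is outside the hunk; if it holds MAX_DESCRIPTORS entries, which the choice of limit suggests, that index is one element past the end and `session->fd = fd` writes out of bounds. The test should read `if ((fd < 0) || (fd >= MAX_DESCRIPTORS))`. The same comparison is pasted into all ten guards in m_ssl_gnutls.cpp and m_ssl_openssl.cpp (Accept, Connect, Close, Read and Write), so one small helper holding the bound would let them be fixed together and stay in step.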
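Review bot: The guard in ModuleSSLGnuTLS::OnRawSocketConnect returns without logging anything, so a descriptor that fails the check is left with no session state and no record of why. What the core does with that socket afterwards is outside the hunk; if it keeps servicing it, the connection would run without the TLS layer this module is there to provide. I would log the rejected value through the server's logger and document the intent above the return, for example `/* fd rejected: no TLS session exists for it, the caller must not treat this socket as secured */`. OnRawSocketAccept in this file and the Accept and Connect handlers in m_ssl_openssl.cpp return silently in the same way.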
@@ -395,6 +403,10 @@ class ModuleSSLGnuTLS : public Module
 virtual void OnRawSocketClose(int fd)
 {
+ /* Are there any possibilities of an out of range fd? Hope not, but lets be paranoid */
+ if ((fd < 0) || (fd > MAX_DESCRIPTORS))
+ return;
+
 CloseSession(&sessions[fd]);
 EventHandler* user = ServerInstance->SE->GetRef(fd);
@@ -410,6 +422,10 @@ class ModuleSSLGnuTLS : public Module
 virtual int OnRawSocketRead(int fd, char* buffer, unsigned int count, int &readresult)
 {
+ /* Are there any possibilities of an out of range fd? Hope not, but lets be paranoid */
+ if ((fd < 0) || (fd > MAX_DESCRIPTORS))
+ return 0;
+
 issl_session* session = &sessions[fd];
 if (!session->sess)
@@ -501,6 +517,10 @@ class ModuleSSLGnuTLS : public Module
 virtual int OnRawSocketWrite(int fd, const char* buffer, int count)
 {
+ /* Are there any possibilities of an out of range fd? Hope not, but lets be paranoid */
+ if ((fd < 0) || (fd > MAX_DESCRIPTORS))
+ return 0;
+
 issl_session* session = &sessions[fd];
 const char* sendbuffer = buffer;
diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp
index 238d44693..2cb302737 100644
--- a/src/modules/extra/m_ssl_openssl.cpp
+++ b/src/modules/extra/m_ssl_openssl.cpp
@@ -397,6 +397,10 @@ class ModuleSSLOpenSSL : public Module
 virtual void OnRawSocketAccept(int fd, const std::string &ip, int localport)
 {
+ /* Are there any possibilities of an out of range fd? Hope not, but lets be paranoid */
+ if ((fd < 0) || (fd > MAX_DESCRIPTORS))
+ return;
+
 issl_session* session = &sessions[fd];
 session->fd = fd;
@@ -420,6 +424,10 @@ class ModuleSSLOpenSSL : public Module
 virtual void OnRawSocketConnect(int fd)
 {
+ /* Are there any possibilities of an out of range fd? Hope not, but lets be paranoid */
+ if ((fd < 0) || (fd > MAX_DESCRIPTORS))
+ return;
+
 issl_session* session = &sessions[fd];
 session->fd = fd;
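Review bot: The early `return 0;` in ModuleSSLGnuTLS::OnRawSocketRead leaves the `readresult` reference parameter unassigned. How the caller combines the return value with `readresult` is not visible in this hunk, but if it reads `readresult` after the call it will see whatever the variable held before. The rejected path should give it an explicit value first, e.g. `readresult = -1;` (or whichever value the caller treats as a failed read), and the function's comment should state what a return of 0 means for an fd that was refused. The matching guard in ModuleSSLOpenSSL::OnRawSocketRead has the same gap; both function bodies continue outside their hunks.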
@@ -443,6 +451,10 @@ class ModuleSSLOpenSSL : public Module
 virtual void OnRawSocketClose(int fd)
 {
+ /* Are there any possibilities of an out of range fd? Hope not, but lets be paranoid */
+ if ((fd < 0) || (fd > MAX_DESCRIPTORS))
+ return;
+
 CloseSession(&sessions[fd]);
 EventHandler* user = ServerInstance->SE->GetRef(fd);
@@ -458,6 +470,10 @@ class ModuleSSLOpenSSL : public Module
 virtual int OnRawSocketRead(int fd, char* buffer, unsigned int count, int &readresult)
 {
+ /* Are there any possibilities of an out of range fd? Hope not, but lets be paranoid */
+ if ((fd < 0) || (fd > MAX_DESCRIPTORS))
+ return 0;
+
 issl_session* session = &sessions[fd];
 if (!session->sess)
@@ -535,6 +551,10 @@ class ModuleSSLOpenSSL : public Module
 virtual int OnRawSocketWrite(int fd, const char* buffer, int count)
 {
+ /* Are there any possibilities of an out of range fd? Hope not, but lets be paranoid */
+ if ((fd < 0) || (fd > MAX_DESCRIPTORS))
+ return 0;
+
 issl_session* session = &sessions[fd];
 if (!session->sess)