From d1f952e426cc27afce593f055b0d8b292984aeda Mon Sep 17 00:00:00 2001 From: Martin Sandsmark Date: Fri, 27 Jan 2012 00:08:12 +0100 Subject: [PATCH] Add checks for the right amount of parameters to random IRC events, found by ircfuzz.c. Fixes #1136. --- src/core/coresessioneventprocessor.cpp | 3 +++ src/core/eventstringifier.cpp | 18 ++++++++++++++++++ src/core/ircparser.cpp | 2 +- 3 files changed, 22 insertions(+), 1 deletion(-) diff --git a/src/core/coresessioneventprocessor.cpp b/src/core/coresessioneventprocessor.cpp index 2eb7f6d9..738b1d5f 100644 --- a/src/core/coresessioneventprocessor.cpp +++ b/src/core/coresessioneventprocessor.cpp @@ -665,6 +665,9 @@ void CoreSessionEventProcessor::processIrcEvent353(IrcEvent *e) { /* ERR_ERRONEUSNICKNAME */ void CoreSessionEventProcessor::processIrcEvent432(IrcEventNumeric *e) { + if(!checkParamCount(e, 1)) + return; + QString errnick; if(e->params().count() < 2) { // handle unreal-ircd bug, where unreal ircd doesnt supply a TARGET in ERR_ERRONEUSNICKNAME during registration phase: diff --git a/src/core/eventstringifier.cpp b/src/core/eventstringifier.cpp index 7276edfd..10231029 100644 --- a/src/core/eventstringifier.cpp +++ b/src/core/eventstringifier.cpp @@ -94,12 +94,18 @@ void EventStringifier::processIrcEventNumeric(IrcEventNumeric *e) { // Server error messages, display them in red. First param will be appended. case 401: { + if(!checkParamCount(e, 1)) + return; + QString target = e->params().takeFirst(); displayMsg(e, Message::Error, e->params().join(" ") + " " + target, e->prefix(), target, Message::Redirected); break; } case 402: case 403: case 404: case 406: case 408: case 415: case 421: case 442: { + if(!checkParamCount(e, 1)) + return; + QString channelName = e->params().takeFirst(); displayMsg(e, Message::Error, e->params().join(" ") + " " + channelName, e->prefix()); break; @@ -110,6 +116,9 @@ void EventStringifier::processIrcEventNumeric(IrcEventNumeric *e) { case 467: case 471: case 473: case 474: case 475: case 476: case 477: case 478: case 482: case 436: // ERR_NICKCOLLISION { + if(!checkParamCount(e, 1)) + return; + QString p = e->params().takeFirst(); displayMsg(e, Message::Error, p + ": " + e->params().join(" ")); break; @@ -475,16 +484,25 @@ void EventStringifier::processIrcEvent369(IrcEvent *e) { /* ERR_ERRONEUSNICKNAME */ void EventStringifier::processIrcEvent432(IrcEvent *e) { + if(!checkParamCount(e, 1)) + return; + displayMsg(e, Message::Error, tr("Nick %1 contains illegal characters").arg(e->params()[0])); } /* ERR_NICKNAMEINUSE */ void EventStringifier::processIrcEvent433(IrcEvent *e) { + if(!checkParamCount(e, 1)) + return; + displayMsg(e, Message::Error, tr("Nick already in use: %1").arg(e->params()[0])); } /* ERR_UNAVAILRESOURCE */ void EventStringifier::processIrcEvent437(IrcEvent *e) { + if(!checkParamCount(e, 1)) + return; + displayMsg(e, Message::Error, tr("Nick/channel is temporarily unavailable: %1").arg(e->params()[0])); } diff --git a/src/core/ircparser.cpp b/src/core/ircparser.cpp index 605dd2e8..8c1c84ea 100644 --- a/src/core/ircparser.cpp +++ b/src/core/ircparser.cpp @@ -275,7 +275,7 @@ void IrcParser::processNetworkIncoming(NetworkDataEvent *e) { break; case 333: /* Topic set by... */ - if(params.count() >= 2) { + if(params.count() >= 3) { QString channel = net->serverDecode(params.at(0)); decParams << channel << net->serverDecode(params.at(1)); decParams << net->channelDecode(channel, params.at(2)); -- 2.20.1