+Mon Aug 17 20:01:18 EDT 1998 Art Cancro <ajc@uncnsrd.mt-kisco.ny.us>
+ * Fixed the crash problem. It wasn't AGUP/ASUP, but rather a buffer
+ overrun in getuser() (thanks, Nathan). Implemented overrun checks
+ in getuser(), getroom(), and getfloor() to prevent future problems.
+
Mon Aug 17 00:06:52 EDT 1998 Art Cancro <ajc@uncnsrd.mt-kisco.ny.us>
* Updated citmail.c with the latest stuff from the production system.
* Implemented AGUP and ASUP commands, but AGUP crashes the server
after its first successful use (user-not-found's don't affect it).
- Haven't figured this one out yet...
Thu Aug 6 19:25:01 EDT 1998 Art Cancro <ajc@uncnsrd.mt-kisco.ny.us>
* Got the CitadelAPI library to the point where the server can start
bzero(qrbuf, sizeof(struct quickroom));
cdbqr = cdb_fetch(CDB_QUICKROOM, &room_num, sizeof(int));
if (cdbqr != NULL) {
- memcpy(qrbuf, cdbqr->ptr, cdbqr->len);
+ memcpy(qrbuf, cdbqr->ptr,
+ ( (cdbqr->len > sizeof(struct quickroom)) ?
+ sizeof(struct quickroom) : cdbqr->len) );
cdb_free(cdbqr);
}
else {
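Review bot: The clamped `memcpy` silently truncates a record longer than `sizeof(struct quickroom)`, so a stored record whose length disagrees with the compiled struct is handed back as if it were valid. Such a mismatch points to corruption or a struct layout change, and it is the condition behind the overrun this commit fixes, so it should be recorded before the copy. For example: `if (cdbqr->len != sizeof(struct quickroom)) lprintf(9, "quickroom %d: unexpected record length %ld\n", room_num, (long)cdbqr->len);`, at a more prominent level if the server has one. The same applies to the `cdbfl` and `cdbus` copies in the next two hunks. The enclosing function starts and ends outside the hunk, so whether its callers could be told about the mismatch is not visible here.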
bzero(flbuf, sizeof(struct floor));
cdbfl = cdb_fetch(CDB_FLOORTAB, &floor_num, sizeof(int));
if (cdbfl != NULL) {
- memcpy(flbuf, cdbfl->ptr, cdbfl->len);
+ memcpy(flbuf, cdbfl->ptr,
+ ( (cdbfl->len > sizeof(struct floor)) ?
+ sizeof(struct floor) : cdbfl->len) );
cdb_free(cdbfl);
}
else {
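Review bot: The clamp expression is written out three times (here, in the `cdbqr` copy above and the `cdbus` copy below), and each relies on an implicit conversion between `->len` and `size_t` that cannot be checked from the hunk because the type of `len` is not visible. One macro or static helper would keep the three sites identical and make the conversion explicit, for example `#define CDB_COPYLEN(len, max) ((size_t)(len) > (max) ? (max) : (size_t)(len))`, used as `memcpy(flbuf, cdbfl->ptr, CDB_COPYLEN(cdbfl->len, sizeof(struct floor)));`. If `len` turns out to be signed, a negative value converts to a very large unsigned one and is clamped to the struct size. That protects the destination but still reads that many bytes from `cdbfl->ptr`, so a non-positive length is better rejected before the copy.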
return(1); /* user not found */
}
- memcpy(usbuf, cdbus->ptr, cdbus->len);
+ memcpy(usbuf, cdbus->ptr,
+ ( (cdbus->len > sizeof(struct usersupp)) ?
+ sizeof(struct usersupp) : cdbus->len) );
cdb_free(cdbus);
return(0);
}
}
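Review bot: A record shorter than `sizeof(struct usersupp)` leaves the tail of `usbuf` untouched, and unlike the quickroom and floor hunks no `bzero` of the destination is visible before this copy. If `usbuf` is not cleared earlier in the function (its start is outside the hunk), the caller reads whatever the buffer held before. The last hunk shows fields of that struct being sent to the client with `cprintf`. Adding `bzero(usbuf, sizeof(struct usersupp));` ahead of the fetch, as the other two functions do, would make the short-record case well defined.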
extract(requested_user, cmdbuf, 0);
- lprintf(9, "Requesting <%s>\n", requested_user);
if (getuser(&usbuf, requested_user) != 0) {
cprintf("%d No such user.\n", ERROR + NO_SUCH_USER);
return;
}
- lprintf(9, "getuser() returned zero\n");
cprintf("%d %s|%s|%u|%d|%d|%d|%ld\n",
OK,
(int)usbuf.axlevel,
usbuf.usernum);
- lprintf(9, "Done.\n");
}