[hackers] [ii] - prepare 1.4 release || Nico Golde

From: <hg_AT_suckless.org>
Date: Sat, 9 Aug 2008 11:46:33 +0000 (UTC)

changeset: 78:7c7c000b4f42
tag: 1.4
user: Nico Golde <nion_AT_suckless.org>
date: Sat Aug 09 13:45:46 2008 +0200
files: CHANGES LICENSE README config.mk ii.1 ii.c
description:
- prepare 1.4 release
- fix directory traversal using #../../ (not possible to overwrite arbitrary files, thus not marking as security fix)
- general cleanup
- documentation fixes (url, copyright, formatting)

diff -r 06f79c8e3814 -r 7c7c000b4f42 CHANGES
--- a/CHANGES Tue Jul 22 19:02:47 2008 +0200
+++ b/CHANGES Sat Aug 09 13:45:46 2008 +0200
@@ -1,3 +1,11 @@
+1.4 (2008-08-09):
+ - fix directory traversal on servers that support SAJOIN
+ NOTE: not marking as security relevant as it is only possible to
+ create directories outside (which is of course annoying) of the irc
+ hierarchy but not overwriting arbitrary files with the channel name.
+ - documentation fixes
+ - general cleanup
+
 1.3 (2007-07-14):
     - server messages about users (QUIT,JOIN) will no longer
       go to the user directories but to the server out file to
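Review bot: the 1.4 entry describes the impact of the traversal but not the behavioural change that fixes it. The ii.c hunk in this changeset replaces '/' in channel names with '_', which changes the directory names users will see; suggest adding a line such as "'/' in channel and nick names is now replaced by '_'". The entry also says "servers that support SAJOIN" while the commit description says "#../../"; naming both the trigger and the pattern in one place would make the entry easier to match against the code.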
diff -r 06f79c8e3814 -r 7c7c000b4f42 LICENSE
--- a/LICENSE Tue Jul 22 19:02:47 2008 +0200
+++ b/LICENSE Sat Aug 09 13:45:46 2008 +0200
@@ -1,7 +1,7 @@
 MIT/X Consortium License
 
 (C)opyright MMV-MMVI Anselm R. Garbe <garbeam_AT_wmii.de>
-(C)opyright MMV-MMVII Nico Golde <nico at ngolde dot de>
+(C)opyright MMV-MMVIII Nico Golde <nico at ngolde dot de>
 
 Permission is hereby granted, free of charge, to any person obtaining a
 copy of this software and associated documentation files (the "Software"),
diff -r 06f79c8e3814 -r 7c7c000b4f42 README
--- a/README Tue Jul 22 19:02:47 2008 +0200
+++ b/README Sat Aug 09 13:45:46 2008 +0200
@@ -1,17 +1,17 @@
 Abstract
 --------
-ii is a minimalistic FIFO and filesystem based IRC client.
-It creates an irc directory tree with server, channel and
-nick name directories.
-In every directory a FIFO file (in) and and normal file (out)
-is placed.
-The in file is used to communicate with the servers and the out
-files include the server messages. For every channel and every nick
-name there will be new in and out files.
-The basic idea of this is to be able to communicate with an IRC
-server with standard command line tools.
-For example if you want to join a channel just do echo "/j #channel" > in
-and ii creates a new channel directory with in and out file.
+ii is a minimalistic FIFO and filesystem based IRC client. It creates an irc
+directory tree with server, channel and nick name directories. In every
+directory a FIFO file (in) and and normal file (out) is placed.
+
+The in file is used to communicate with the servers and the out files include
+the server messages. For every channel and every nick name there will be new in
+and out files.
+
+The basic idea of this is to be able to communicate with an IRC server with
+standard command line tools. For example if you want to join a channel just do
+echo "/j #channel" > in and ii creates a new channel directory with in and out
+file.
 
 Installation
 ------------
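Review bot: the reflowed Abstract carries over the duplicated word in "directory a FIFO file (in) and and normal file (out) is placed." Since the paragraph is being rewritten anyway, suggest fixing it in the same change, for example "a FIFO file (in) and a normal file (out) are placed".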
@@ -32,10 +32,12 @@
 key mapping like:
 map w1 :.w >> \#ii/in<cr>
 map w2 :.w >> \#wmii/in<cr>
-to post to channels.
+to post to channels.
+
 If you use the next editor line for a new posting you can use ctrl-p for nick
 completion if you wrote the nick in the past.
 Thanks to Matthias Kopfermann for this hint.
+
 You can find an example of how this nested environment could look like on:
 http://nion.modprobe.de/blog/archives/440-Using-the-ii-irc-client.html
 
@@ -46,7 +48,7 @@
 Changelog
 ---------
 Since I missed the chance to add a proper changelog right from the beginning,
-please have a look at the commit messages on http://www.suckless.org/hg.rc/ii
+please have a look at the commit messages on http://code.suckless.org/hg/ii/
 they are fairly descriptive on releases prior to 1.2.
 
 Contact
diff -r 06f79c8e3814 -r 7c7c000b4f42 config.mk
--- a/config.mk Tue Jul 22 19:02:47 2008 +0200
+++ b/config.mk Sat Aug 09 13:45:46 2008 +0200
@@ -12,7 +12,7 @@
 
 INCDIR = ${PREFIX}/include
 LIBDIR = ${PREFIX}/lib
-VERSION = 1.3
+VERSION = 1.4
 
 # includes and libs
 INCLUDES = -I. -I${INCDIR} -I/usr/include
diff -r 06f79c8e3814 -r 7c7c000b4f42 ii.1
--- a/ii.1 Tue Jul 22 19:02:47 2008 +0200
+++ b/ii.1 Sat Aug 09 13:45:46 2008 +0200
@@ -44,6 +44,8 @@
 .TP
 .BI \-k " password"
 lets you use a password to authenticate your nick on the server
+(be aware of the problem that this is visible in the process list, if you
+don't want this use a query to submit your password)
 .TP
 .BI \-i " prefix"
 lets you override the default irc path (~/irc)
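Review bot: the new caveat for -k tells the reader to "use a query to submit your password" but does not say which query or how to issue it, so someone who wants to avoid the process-list exposure has no concrete step to follow. Suggest spelling out the alternative in the man page and making the warning its own sentence instead of a parenthetical run-on.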
@@ -87,7 +89,7 @@
 Write to ii (at) modprobe (dot) de for suggestions, fixes, 7|-|>< ;) etc.
 .SH AUTHORS
 Copyright \(co 2005-2006 by Anselm R. Garbe <garbeam (at) gmail (dot) com> and
-Copyright \(co 2005-2007 by Nico Golde <nico (at) ngolde (dot) de>
+Copyright \(co 2005-2008 by Nico Golde <nico (at) ngolde (dot) de>
 .SH SEE ALSO
 .BR echo (1),
 .BR tail (1),
diff -r 06f79c8e3814 -r 7c7c000b4f42 ii.c
--- a/ii.c Tue Jul 22 19:02:47 2008 +0200
+++ b/ii.c Sat Aug 09 13:45:46 2008 +0200
@@ -52,9 +52,12 @@
                         " [-n <nick>] [-k <password>] [-f <fullname>]\n");
         exit(EXIT_SUCCESS);
 }
-static char *lower(char *s) {
+static char *striplower(char *s) {
         char *p = NULL;
- for(p = s; p && *p; p++) *p = tolower(*p);
+ for(p = s; p && *p; p++) {
+ if(*p == '/') *p = '_';
+ *p = tolower(*p);
+ }
         return s;
 }
 
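Review bot: striplower() rewrites only '/', so a name that is exactly ".." (or any name beginning with '.') passes through unchanged and get_filepath() would still format it as path/..; consider also mapping a leading '.' to '_' in this loop, or rejecting such names before the path is built. Separately, tolower(*p) is called on a plain char, which is undefined for negative values on platforms where char is signed; use tolower((unsigned char)*p).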
@@ -79,10 +82,10 @@
 
 static int get_filepath(char *filepath, size_t len, char *channel, char *file) {
         if(channel) {
- if(!snprintf(filepath, len, "%s/%s", path, lower(channel)))
+ if(!snprintf(filepath, len, "%s/%s", path, striplower(channel)))
                         return 0;
                 create_dirtree(filepath);
- return snprintf(filepath, len, "%s/%s/%s", path,lower(channel), file);
+ return snprintf(filepath, len, "%s/%s/%s", path, striplower(channel), file);
         }
         return snprintf(filepath, len, "%s/%s", path, file);
 }
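Review bot: the "if(!snprintf(filepath, len, ...))" check in get_filepath() only catches a return value of 0, so truncation (return value >= len) and an error return (negative) both fall through to create_dirtree() with a cut-off or undefined path. Suggest storing the result and testing "n < 0 || (size_t)n >= len" for both snprintf calls. striplower(channel) is also applied twice to the same buffer; that is harmless because it modifies the string in place, but a single call before the first snprintf would be clearer.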
@@ -200,10 +203,8 @@
 }
 
 static void print_out(char *channel, char *buf) {
- static char outfile[256];
- static char server[256];
- FILE *out;
- static char buft[18];
+ static char outfile[256], server[256], buft[18];
+ FILE *out = NULL;
         time_t t = time(0);
 
         if(channel) snprintf(server, sizeof(server), "-!- %s", channel);
@@ -300,8 +301,7 @@
 
         for(i = 0; i < TOK_LAST; i++)
                 argv[i] = NULL;
- /*
- <message> ::= [':' <prefix> <SPACE> ] <command> <params> <crlf>
+ /* <message> ::= [':' <prefix> <SPACE> ] <command> <params> <crlf>
            <prefix> ::= <servername> | <nick> [ '!' <user> ] [ '@' <host> ]
            <command> ::= <letter> { <letter> } | <number> <number> <number>
            <SPACE> ::= ' ' { ' ' }
@@ -309,8 +309,8 @@
            <middle> ::= <Any *non-empty* sequence of octets not including SPACE
            or NUL or CR or LF, the first of which may not be ':'>
            <trailing> ::= <Any, possibly *empty*, sequence of octets not including NUL or CR or LF>
- <crlf> ::= CR LF
- */
+ <crlf> ::= CR LF */
+
         if(buf[0] == ':') { /* check prefix */
                 if (!(p = strchr(buf, ' '))) return;
                 *p = 0;
@@ -462,9 +462,8 @@
         int i;
         unsigned short port = SERVER_PORT;
         struct passwd *spw = getpwuid(getuid());
- char *key = NULL;
+ char *key = NULL, *fullname = NULL;
         char prefix[_POSIX_PATH_MAX];
- char *fullname = NULL;
 
         if(!spw) {
                 fprintf(stderr,"ii: getpwuid() failed\n");
Received on Sat Aug 09 2008 - 11:46:33 UTC