From 6afe091ff12d29f4a45fe37d0277559b81cbfa4e Mon Sep 17 00:00:00 2001
From: Jonathan Schleifer
Date: Wed, 28 Nov 2012 21:30:18 +0000
Subject: [PATCH] Make sure no newlines from parameters are sent. Not doing so would allow hijacking a connection.
FossilOrigin-Name: 2cc784401620aa8736dd33e1ab3908768058b813b22454ca5d8eb194d302a1d1
---
 src/IRCConnection.m | 26 ++++++++++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)
diff --git a/src/IRCConnection.m b/src/IRCConnection.m
index 53a4094..910511b 100644
--- a/src/IRCConnection.m
+++ b/src/IRCConnection.m
@@ -139,6 +139,8 @@
 
 - (void)disconnectWithReason: (OFString*)reason
 {
+ reason = [[reason componentsSeparatedByString: @"\n"] firstObject];
+
 if (reason == nil)
 [self sendLine: @"QUIT"];
 else
@@ -147,6 +149,8 @@
 
 - (void)joinChannel: (OFString*)channel
 {
+ channel = [[channel componentsSeparatedByString: @"\n"] firstObject];
+
 [self sendLineWithFormat: @"JOIN %@", channel];
 }
 
@@ -159,6 +163,9 @@
 - (void)leaveChannel: (OFString*)channel
 reason: (OFString*)reason
 {
+ channel = [[channel componentsSeparatedByString: @"\n"] firstObject];
+ reason = [[reason componentsSeparatedByString: @"\n"] firstObject];
+
 if (reason == nil)
 [self sendLineWithFormat: @"PART %@", channel];
 else
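Review bot: Splitting only on `\n` leaves a carriage return inside `reason` in disconnectWithReason:, and IRC frames messages with CR LF, with many servers also accepting a lone CR as a terminator, so the added line does not fully close the injection the commit message describes. The same expression is repeated in joinChannel:, leaveChannel:reason:, kickUser:channel:reason: and changeNicknameTo:, so one private helper that cuts the string at the first CR or LF would fix all of them in one place, e.g. `reason = [self IRC_firstLineOfString: reason];` (the helper name is a suggestion, not an existing method). A check inside sendLine:/sendLineWithFormat: that refuses any CR or LF in the final line would be a stronger backstop, but those methods are not visible in this diff. The body of disconnectWithReason: continues past the end of the hunk.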
@@ -194,24 +201,39 @@
 - (void)sendMessage: (OFString*)msg
 to: (OFString*)to
 {
- [self sendLineWithFormat: @"PRIVMSG %@ :%@", to, msg];
+ OFArray *lines = [msg componentsSeparatedByString: @"\n"];
+ OFEnumerator *enumerator = [lines objectEnumerator];
+ OFString *line;
+
+ while ((line = [enumerator nextObject]) != nil)
+ [self sendLineWithFormat: @"PRIVMSG %@ :%@", to, line];
 }
 
 - (void)sendNotice: (OFString*)notice
 to: (OFString*)to
 {
- [self sendLineWithFormat: @"NOTICE %@ :%@", to, notice];
+ OFArray *lines = [notice componentsSeparatedByString: @"\n"];
+ OFEnumerator *enumerator = [lines objectEnumerator];
+ OFString *line;
+
+ while ((line = [enumerator nextObject]) != nil)
+ [self sendLineWithFormat: @"NOTICE %@ :%@", to, line];
 }
 
 - (void)kickUser: (OFString*)user
 channel: (OFString*)channel
 reason: (OFString*)reason
 {
+ reason = [[reason componentsSeparatedByString: @"\n"] firstObject];
+
 [self sendLineWithFormat: @"KICK %@ %@ :%@", channel, user, reason];
 }
 
 - (void)changeNicknameTo: (OFString*)nickname_
 {
+ nickname_ = [[nickname_ componentsSeparatedByString: @"\n"]
+ firstObject];
+
 [self sendLineWithFormat: @"NICK %@", nickname_];
 }
 
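Review bot: `to` in sendMessage:to: and sendNotice:to:, and `user` and `channel` in kickUser:channel:reason:, still reach sendLineWithFormat: unfiltered, so a newline in any of them can still append a second command; they need the same first-line treatment the commit gives `reason`. The per-line loops also send an empty `PRIVMSG`/`NOTICE` for every blank line in the input (a trailing newline is enough), and with CR LF input each line keeps its `\r`. Skipping empty lines with `if ([line length] == 0) continue;` and trimming the CR before sending would avoid both. A short comment above each loop stating that one message is sent per input line would help callers who expect a single send.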