ObjFW/ObjIRC
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Make sure no newlines from parameters are sent.

Browse source 
Not doing so would allow hijacking a connection.

FossilOrigin-Name: 2cc784401620aa8736dd33e1ab3908768058b813b22454ca5d8eb194d302a1d1
This commit is contained in:
Jonathan Schleifer 2012-11-28 21:30:18 +00:00
parent 5f6b64efbd
commit 6afe091ff1
1 changed files with 24 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

26
src/IRCConnection.m
View file

@ -139,6 +139,8 @@
- (void)disconnectWithReason: (OFString*)reason - (void)disconnectWithReason: (OFString*)reason
{ {
reason = [[reason componentsSeparatedByString: @"\n"] firstObject];
if (reason == nil) if (reason == nil)
[self sendLine: @"QUIT"]; [self sendLine: @"QUIT"];
else else
@ -147,6 +149,8 @@
- (void)joinChannel: (OFString*)channel - (void)joinChannel: (OFString*)channel
{ {
channel = [[channel componentsSeparatedByString: @"\n"] firstObject];
[self sendLineWithFormat: @"JOIN %@", channel]; [self sendLineWithFormat: @"JOIN %@", channel];
} }
@ -159,6 +163,9 @@
- (void)leaveChannel: (OFString*)channel - (void)leaveChannel: (OFString*)channel
reason: (OFString*)reason reason: (OFString*)reason
{ {
channel = [[channel componentsSeparatedByString: @"\n"] firstObject];
reason = [[reason componentsSeparatedByString: @"\n"] firstObject];
if (reason == nil) if (reason == nil)
[self sendLineWithFormat: @"PART %@", channel]; [self sendLineWithFormat: @"PART %@", channel];
else else
@ -194,24 +201,39 @@
- (void)sendMessage: (OFString*)msg - (void)sendMessage: (OFString*)msg
to: (OFString*)to to: (OFString*)to
{ {
[self sendLineWithFormat: @"PRIVMSG %@ :%@", to, msg]; OFArray *lines = [msg componentsSeparatedByString: @"\n"];
OFEnumerator *enumerator = [lines objectEnumerator];
OFString *line;
while ((line = [enumerator nextObject]) != nil)
[self sendLineWithFormat: @"PRIVMSG %@ :%@", to, line];
} }
- (void)sendNotice: (OFString*)notice - (void)sendNotice: (OFString*)notice
to: (OFString*)to to: (OFString*)to
{ {
[self sendLineWithFormat: @"NOTICE %@ :%@", to, notice]; OFArray *lines = [notice componentsSeparatedByString: @"\n"];
OFEnumerator *enumerator = [lines objectEnumerator];
OFString *line;
while ((line = [enumerator nextObject]) != nil)
[self sendLineWithFormat: @"NOTICE %@ :%@", to, line];
} }
- (void)kickUser: (OFString*)user - (void)kickUser: (OFString*)user
channel: (OFString*)channel channel: (OFString*)channel
reason: (OFString*)reason reason: (OFString*)reason
{ {
reason = [[reason componentsSeparatedByString: @"\n"] firstObject];
[self sendLineWithFormat: @"KICK %@ %@ :%@", channel, user, reason]; [self sendLineWithFormat: @"KICK %@ %@ :%@", channel, user, reason];
} }
- (void)changeNicknameTo: (OFString*)nickname_ - (void)changeNicknameTo: (OFString*)nickname_
{ {
nickname_ = [[nickname_ componentsSeparatedByString: @"\n"]
firstObject];
[self sendLineWithFormat: @"NICK %@", nickname_]; [self sendLineWithFormat: @"NICK %@", nickname_];
} }