ObjFW/ObjIRC
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Make sure no newlines from parameters are sent.

Browse source 
Not doing so would allow hijacking a connection.

FossilOrigin-Name: 2cc784401620aa8736dd33e1ab3908768058b813b22454ca5d8eb194d302a1d1
This commit is contained in:
Jonathan Schleifer 2012-11-28 21:30:18 +00:00
parent 5f6b64efbd
commit 6afe091ff1
1 changed files with 24 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

26
src/IRCConnection.m
View file

@ -139,6 +139,8 @@
- (void)disconnectWithReason: (OFString*)reason
{
reason = [[reason componentsSeparatedByString: @"\n"] firstObject];
if (reason == nil)
[self sendLine: @"QUIT"];
else
@ -147,6 +149,8 @@
- (void)joinChannel: (OFString*)channel
{
channel = [[channel componentsSeparatedByString: @"\n"] firstObject];
[self sendLineWithFormat: @"JOIN %@", channel];
}
@ -159,6 +163,9 @@
- (void)leaveChannel: (OFString*)channel
reason: (OFString*)reason
{
channel = [[channel componentsSeparatedByString: @"\n"] firstObject];
reason = [[reason componentsSeparatedByString: @"\n"] firstObject];
if (reason == nil)
[self sendLineWithFormat: @"PART %@", channel];
else
@ -194,24 +201,39 @@
- (void)sendMessage: (OFString*)msg
to: (OFString*)to
{
[self sendLineWithFormat: @"PRIVMSG %@ :%@", to, msg];
OFArray *lines = [msg componentsSeparatedByString: @"\n"];
OFEnumerator *enumerator = [lines objectEnumerator];
OFString *line;
while ((line = [enumerator nextObject]) != nil)
[self sendLineWithFormat: @"PRIVMSG %@ :%@", to, line];
}
- (void)sendNotice: (OFString*)notice
to: (OFString*)to
{
[self sendLineWithFormat: @"NOTICE %@ :%@", to, notice];
OFArray *lines = [notice componentsSeparatedByString: @"\n"];
OFEnumerator *enumerator = [lines objectEnumerator];
OFString *line;
while ((line = [enumerator nextObject]) != nil)
[self sendLineWithFormat: @"NOTICE %@ :%@", to, line];
}
- (void)kickUser: (OFString*)user
channel: (OFString*)channel
reason: (OFString*)reason
{
reason = [[reason componentsSeparatedByString: @"\n"] firstObject];
[self sendLineWithFormat: @"KICK %@ %@ :%@", channel, user, reason];
}
- (void)changeNicknameTo: (OFString*)nickname_
{
nickname_ = [[nickname_ componentsSeparatedByString: @"\n"]
firstObject];
[self sendLineWithFormat: @"NICK %@", nickname_];
}