Merge pull request #89 from kobishmueli/sslbug

Fix a security bug on readwrite_client() that could lead to server crashes by SSL users

Author: eaescob

CHANGES

@@ -1,3 +1,22 @@
+Changes for 2.1.4:
+------------------
+- typo fix (cptr --> sptr) that could lead to server crashes in some cases
+- Duplicate USER_VERBOSE and OPER_VERBOSE xflags into USER_VERBOSEV2 and OPER_VERBOSEV2
+  (this will make it easier for us to enable them on upgraded servers without affecting non-upgraded servers).
+- Don't accept too long hostnames from WEBIRC
+- Don't allow WEBIRC to use 0.0.0.*, 127.0.0.* or Staff_Address
+- Don't allow WEBIRC to use DEFAULT_STAFF_ADDRESS either
+- Make sure the host on WEBIRC will have at least one dot
+- Allow WEBIRC hosts to have a semicolon too (for IPv6 IP addresses)
+
+Changes for 2.1.3 (private release):
+------------------------------------
+- Optimize sendto_channel_butone() and sendto_channel_butlocal() functions
+- More sanity checks (just to be on the safe side...)
+- Fix SVSXCF calls with no channel name on send_topic_burst()
+- Cosmetic change (clarify what umode +y does)
+- Fix a security bug on readwrite_client() that could lead to server crashes by SSL users
+
 Changes for 2.1.2:
 ------------------
 - Increase the umode buffer on register_user() to prevent a possible

include/patchlevel.h

@@ -22,7 +22,7 @@
 #define BASENAME "bahamut"
 #define MAJOR 2
 #define MINOR 1
-#define PATCH 2
+#define PATCH 4
 
 #define PATCHES ""
 

src/s_bsd.c

@@ -1750,7 +1750,11 @@ int readwrite_client(aClient *cptr, int isread, int iswrite)
     if(cptr->ssl && IsSSL(cptr) && !SSL_is_init_finished(cptr->ssl))
     {
         if(IsDead(cptr) || !safe_ssl_accept(cptr, cptr->fd))
+        {
+            if(IsClient(cptr))
+                return exit_client(cptr, cptr, &me, iswrite?"Write Error: SSL Bug #7845":"Read Error: SSL Bug #7845");
             close_connection(cptr);
+        }
         return 1;
     }
 #endif