CHANSERV: Fix possibly unsafe string handling

[irc/quakenet/newserv.git] / chanserv / chanservstdcmds.c

diff --git a/chanserv/chanservstdcmds.c b/chanserv/chanservstdcmds.c
index bc1a1b97667b050e3590af83c5368fefa040ea32..1c0277c883897a78ed684670478594cb310980f5 100644 (file)
--- a/chanserv/chanservstdcmds.c
+++ b/chanserv/chanservstdcmds.c
@@ -56,7 +56,7 @@ int cs_dosetquitreason(void *source, int cargc, char **cargv) {
   if (cs_quitreason)
     freesstring(cs_quitreason);
  
-  cs_quitreason=getsstring(cargv[0]);
+  cs_quitreason=getsstring(cargv[0], 250);
 
   chanservstdmessage(sender, QM_DONE);
 
@@ -91,6 +91,7 @@ int cs_doshowcommands(void *source, int cargc, char **cargv) {
   cmdsummary *summary;
   char cmdbuf[50];
   char *ct;
+  unsigned int dumpcount=0;
   
   n=getcommandlist(cscommands, cmdlist, 200);
   rup=getreguserfromnick(sender);
@@ -102,7 +103,49 @@ int cs_doshowcommands(void *source, int cargc, char **cargv) {
 
   chanservstdmessage(sender, QM_COMMANDLIST);
 
+  if (cargc>0 && rup && UIsDev(rup) && !ircd_strcmp(cargv[0], "-v")) {
+    dumpcount=1;
+  }
+
   for (i=0;i<n;i++) {
+    /* Generate the appropriate strings for the command name (including 
+     * prefixes for privileged users) and the summary text.
+     *
+     * We do this before we're sure we will print the command to make things
+     * easier when we are doing -v */    
+    summary=(cmdsummary *)cmdlist[i]->ext;
+    
+    if (rup && UHasStaffPriv(rup)) {
+      if (cmdlist[i]->level & QCMD_DEV) {
+        sprintf(cmdbuf,"+d %s",cmdlist[i]->command->content);
+      } else if(cmdlist[i]->level & QCMD_ADMIN) {
+        sprintf(cmdbuf,"+a %s",cmdlist[i]->command->content);
+      } else if(cmdlist[i]->level & QCMD_OPER) {
+        sprintf(cmdbuf,"+o %s",cmdlist[i]->command->content);
+      } else if(cmdlist[i]->level & QCMD_HELPER) {
+        sprintf(cmdbuf,"+h %s",cmdlist[i]->command->content);
+      } else if(cmdlist[i]->level & QCMD_STAFF) {
+        sprintf(cmdbuf,"+q %s",cmdlist[i]->command->content);
+      } else {
+        sprintf(cmdbuf,"   %s",cmdlist[i]->command->content);
+      }
+      ct=cmdbuf;
+    } else {
+      ct=cmdlist[i]->command->content;
+    }
+    
+    if (summary->bylang[lang]) {
+      message=summary->bylang[lang]->content;
+    } else if (summary->bylang[0]) {
+      message=summary->bylang[0]->content;
+    } else {
+      message=summary->def->content;
+    }
+    
+    if (dumpcount) {
+      chanservsendmessage(sender,"%-20s %u", cmdbuf, cmdlist[i]->calls);
+      continue;
+    }
     
     if (cargc>0 && !match2strings(cargv[0],cmdlist[i]->command->content))
       continue;
@@ -118,6 +161,10 @@ int cs_doshowcommands(void *source, int cargc, char **cargv) {
     if ((cmdlist[i]->level & QCMD_NOTAUTHED) && rup)
       continue;
 
+    if ((cmdlist[i]->level & QCMD_STAFF) && 
+       (!rup || !UHasStaffPriv(rup)))
+      continue;
+
     if ((cmdlist[i]->level & QCMD_HELPER) && 
        (!rup || !UHasHelperPriv(rup)))
       continue;
@@ -134,33 +181,7 @@ int cs_doshowcommands(void *source, int cargc, char **cargv) {
        (!rup || !UIsDev(rup) || !IsOper(sender)))
       continue;
     
-    summary=(cmdsummary *)cmdlist[i]->ext;
-    
-    if (rup && UHasHelperPriv(rup)) {
-      if (cmdlist[i]->level & QCMD_DEV) {
-        sprintf(cmdbuf,"+d %s",cmdlist[i]->command->content);
-      } else if(cmdlist[i]->level & QCMD_ADMIN) {
-        sprintf(cmdbuf,"+a %s",cmdlist[i]->command->content);
-      } else if(cmdlist[i]->level & QCMD_OPER) {
-        sprintf(cmdbuf,"+o %s",cmdlist[i]->command->content);
-      } else if(cmdlist[i]->level & QCMD_HELPER) {
-        sprintf(cmdbuf,"+h %s",cmdlist[i]->command->content);
-      } else {
-        sprintf(cmdbuf,"   %s",cmdlist[i]->command->content);
-      }
-      ct=cmdbuf;
-    } else {
-      ct=cmdlist[i]->command->content;
-    }
-    
-    if (summary->bylang[lang]) {
-      message=summary->bylang[lang]->content;
-    } else if (summary->bylang[0]) {
-      message=summary->bylang[0]->content;
-    } else {
-      message=summary->def->content;
-    }
-    
+    /* We passed all the checks, send the message */    
     chanservsendmessage(sender, "%-20s %s",ct, message);
   }
 
@@ -185,7 +206,8 @@ int cs_sendhelp(nick *sender, char *thecmd, int oneline) {
   rup=getreguserfromnick(sender);
   
   /* Don't showhelp for privileged users to others.. */
-  if (((cmd->level & QCMD_HELPER) && (!rup || !UHasHelperPriv(rup))) ||
+  if (((cmd->level & QCMD_STAFF) && (!rup || !UHasStaffPriv(rup))) ||
+      ((cmd->level & QCMD_HELPER) && (!rup || !UHasHelperPriv(rup))) ||
       ((cmd->level & QCMD_OPER) && (!rup || !UHasOperPriv(rup))) ||
       ((cmd->level & QCMD_ADMIN) && (!rup || !UHasAdminPriv(rup))) ||
       ((cmd->level & QCMD_DEV) && (!rup || !UIsDev(rup)))) {
@@ -197,9 +219,9 @@ int cs_sendhelp(nick *sender, char *thecmd, int oneline) {
 
   if (sum->defhelp && *(sum->defhelp)) {
     if (oneline) {
-      chanservsendmessageoneline(sender, sum->defhelp);
+      chanservsendmessageoneline(sender, "%s", sum->defhelp);
     } else {
-      chanservsendmessage(sender, sum->defhelp);
+      chanservsendmessage(sender, "%s", sum->defhelp);
     }
   } else {
     if (!oneline)
@@ -323,11 +345,11 @@ void csdb_dohelp_real(DBConn *dbconn, void *arg) {
   }
 
   if (result) {
-    chanservsendmessage(np, result);
+    chanservsendmessage(np, "%s", result);
   } else {
     cmdsummary *sum=hip->cmd->ext;
     if (sum->defhelp && *(sum->defhelp)) {
-      chanservsendmessage(np, sum->defhelp);
+      chanservsendmessage(np, "%s", sum->defhelp);
     } else {
       chanservstdmessage(np, QM_NOHELP, hip->commandname->content);
     }