msgbuf: Fix remote crash vulnerability due to malformed message tag.

[solanum.git] / ircd / s_serv.c

diff --git a/ircd/s_serv.c b/ircd/s_serv.c
index 28ed4286b9f093f45430bd0c9eb89c035e560dd8..178622baf9e3c8279dcc73c227cb3782a35750a9 100644 (file)
--- a/ircd/s_serv.c
+++ b/ircd/s_serv.c
@@ -53,10 +53,6 @@
 #include "capability.h"
 #include "s_assert.h"
 
-#ifndef INADDR_NONE
-#define INADDR_NONE ((unsigned int) 0xffffffff)
-#endif
-
 int MaxConnectionCount = 1;
 int MaxClientCount = 1;
 int refresh_user_links = 0;
@@ -151,6 +147,7 @@ init_builtin_capabs(void)
 
 static CNCB serv_connect_callback;
 static CNCB serv_connect_ssl_callback;
+static SSL_OPEN_CB serv_connect_ssl_open_callback;
 
 /*
  * hunt_server - Do the basic thing in delivering the message (command)
@@ -829,7 +826,7 @@ server_estab(struct Client *client_p)
                           EmptyString(server_p->spasswd) ? "*" : server_p->spasswd, TS_CURRENT, me.id);
 
                /* pass info to new server */
-               send_capabilities(client_p, default_server_capabs
+               send_capabilities(client_p, default_server_capabs | CAP_MASK
                                  | (ServerConfCompressed(server_p) ? CAP_ZIP_SUPPORTED : 0)
                                  | (ServerConfTb(server_p) ? CAP_TB : 0));
 
@@ -1030,6 +1027,9 @@ serv_connect(struct server_conf *server_p, struct Client *by)
        if(server_p == NULL)
                return 0;
 
+       SET_SS_FAMILY(&sa_connect, AF_UNSPEC);
+       SET_SS_FAMILY(&sa_bind, AF_UNSPEC);
+
 #ifdef RB_IPV6
        if(server_p->aftype != AF_UNSPEC
                && GET_SS_FAMILY(&server_p->connect4) == AF_INET
@@ -1135,7 +1135,7 @@ serv_connect(struct server_conf *server_p, struct Client *by)
         */
        make_server(client_p);
        if(by && IsClient(by))
-               strcpy(client_p->serv->by, by->name);
+               rb_strlcpy(client_p->serv->by, by->name, sizeof(client_p->serv->by));
        else
                strcpy(client_p->serv->by, "AutoConn.");
 
@@ -1155,7 +1155,6 @@ serv_connect(struct server_conf *server_p, struct Client *by)
        rb_connect_tcp(client_p->localClient->F,
                (struct sockaddr *)&sa_connect,
                GET_SS_FAMILY(&sa_bind) == AF_UNSPEC ? NULL : (struct sockaddr *)&sa_bind,
-               GET_SS_LEN(&sa_bind),
                ServerConfSSL(server_p) ? serv_connect_ssl_callback : serv_connect_callback,
                client_p, ConfigFileEntry.connect_timeout);
        return 1;
@@ -1181,8 +1180,7 @@ serv_connect_ssl_callback(rb_fde_t *F, int status, void *data)
 
        }
        client_p->localClient->F = xF[0];
-       client_p->localClient->ssl_callback = serv_connect_callback;
-       client_p->localClient->ssl_data = data;
+       client_p->localClient->ssl_callback = serv_connect_ssl_open_callback;
 
        client_p->localClient->ssl_ctl = start_ssld_connect(F, xF[1], connid_get(client_p));
        if(!client_p->localClient->ssl_ctl)
@@ -1193,6 +1191,13 @@ serv_connect_ssl_callback(rb_fde_t *F, int status, void *data)
        SetSSL(client_p);
 }
 
+static int
+serv_connect_ssl_open_callback(struct Client *client_p, int status)
+{
+       serv_connect_callback(client_p->localClient->F, status, client_p);
+       return 1; /* suppress default exit_client handler for status != RB_OK */
+}
+
 /*
  * serv_connect_callback() - complete a server connection.
  *
@@ -1292,7 +1297,7 @@ serv_connect_callback(rb_fde_t *F, int status, void *data)
                   EmptyString(server_p->spasswd) ? "*" : server_p->spasswd, TS_CURRENT, me.id);
 
        /* pass my info to the new server */
-       send_capabilities(client_p, default_server_capabs
+       send_capabilities(client_p, default_server_capabs | CAP_MASK
                          | (ServerConfCompressed(server_p) ? CAP_ZIP_SUPPORTED : 0)
                          | (ServerConfTb(server_p) ? CAP_TB : 0));