Fix setting an X-Line on a server with a matching user

X-Lines use MatchItems, not AccessItems, and the match reporting was using an AccessItem, thus accessing out of bounds memory. Also completely rip out map_to_conf, instead putting the MatchItem/AccessItem/ClassItem/ResvChannel in an anonymous union in the ClassItem. map_to_conf was a horrible hack, and this at least gets us some type checking, as long as you pick the right union member. Fixes #43
oftc · Sep 8, 2023 · bdacbd4 · bdacbd4
1 parent 566f4da
commit bdacbd4
Show file tree

Hide file tree

Showing 27 changed files with 236 additions and 240 deletions.
diff --git a/contrib/m_classlist.c b/contrib/m_classlist.c
@@ -90,7 +90,7 @@ mo_classlist(struct Client *client_p, struct Client *source_p,
 
     if (match(parv[1], conf->name))
     {
-      const struct ClassItem *aclass = map_to_conf(conf);
+      const struct ClassItem *aclass = &conf->aclass;
       sendto_one(source_p, ":%s NOTICE %s :%s %d",
                  me.name, source_p->name, conf->name,
                  CurrUserCount(aclass));

diff --git a/include/s_conf.h b/include/s_conf.h
@@ -34,6 +34,7 @@
 #include "client.h"
 #include "hook.h"
 #include "pcre.h"
+#include "resv.h"		/* ResvChannel */
 
 struct Client;
 struct DNSReply;
@@ -79,15 +80,6 @@ struct split_nuh_item
   size_t hostsize;
 };
 
-struct ConfItem
-{
-  char *name;		/* Primary key */
-  pcre *regexpname;
-  dlink_node node;	/* link into known ConfItems of this type */
-  unsigned int flags;
-  ConfType type;
-};
-
 /*
  * MatchItem - used for XLINE and ULINE types
  */
@@ -156,6 +148,22 @@ struct ClassItem
   char *reject_message;
 };
 
+struct ConfItem
+{
+  char *name;		/* Primary key */
+  pcre *regexpname;
+  dlink_node node;	/* link into known ConfItems of this type */
+  unsigned int flags;
+  ConfType type;
+  union
+  {
+    struct AccessItem aconf;
+    struct MatchItem mconf;
+    struct ClassItem aclass;
+    struct ResvChannel cresv;
+  };
+};
+
 struct CidrItem
 {
   struct irc_ssaddr mask;
@@ -565,8 +573,10 @@ extern void parse_csv_file(FBFILE *, ConfType);
 
 extern char *get_oper_name(const struct Client *);
 
-extern void *map_to_conf(struct ConfItem *);
-extern struct ConfItem *unmap_conf_item(void *);
+#define container_of(ptr, type, member) ({                      \
+	const typeof( ((type *)0)->member ) *__mptr = (ptr);    \
+	(type *)( (char *)__mptr - offsetof(type, member) );})
+#define unmap_conf_item(ptr, member) container_of(ptr, struct ConfItem, member)
 /* XXX should the parse_aline stuff go into another file ?? */
 #define AWILD 0x1		/* check wild cards */
 #define NOUSERLOOKUP 0x2 /* Don't lookup the user@host on /rkline nick */

diff --git a/modules/core/m_server.c b/modules/core/m_server.c
@@ -364,7 +364,7 @@ ms_server(struct Client *client_p, struct Client *source_p,
 
     if (match(conf->name, client_p->name))
     {
-      match_item = (struct MatchItem *)map_to_conf(conf);
+      match_item = &conf->mconf;
       if (match(match_item->host, name))
 	llined++;
     }
@@ -376,7 +376,7 @@ ms_server(struct Client *client_p, struct Client *source_p,
 
     if (match(conf->name, client_p->name))
     {
-      match_item = (struct MatchItem *)map_to_conf(conf);
+      match_item = &conf->mconf;
 
       if (match(match_item->host, name))
 	hlined++;
@@ -608,7 +608,7 @@ ms_sid(struct Client *client_p, struct Client *source_p,
 
     if (match(conf->name, client_p->name))
     {
-      match_item = (struct MatchItem *)map_to_conf(conf);
+      match_item = &conf->mconf;
       if (match(match_item->host, SID_NAME))
 	llined++;
     }
@@ -620,7 +620,7 @@ ms_sid(struct Client *client_p, struct Client *source_p,
 
     if (match(conf->name, client_p->name))
     {
-      match_item = (struct MatchItem *)map_to_conf(conf);
+      match_item = &conf->mconf;
 
       if (match(match_item->host, SID_NAME))
 	hlined++;

diff --git a/modules/m_challenge.c b/modules/m_challenge.c
@@ -148,13 +148,13 @@ m_challenge(struct Client *client_p, struct Client *source_p,
 			      parv[1], source_p->username, source_p->host
 			      )) != NULL)
   {
-    aconf = (struct AccessItem *)map_to_conf(conf);
+    aconf = &conf->aconf;
   }
   else if ((conf = find_conf_exact(OPER_TYPE,
 				   parv[1], source_p->username,
 				   source_p->sockhost)) != NULL)
   {
-    aconf = (struct AccessItem *)map_to_conf(conf);
+    aconf = &conf->aconf;
   }
 
   if(aconf == NULL)

diff --git a/modules/m_connect.c b/modules/m_connect.c
@@ -116,10 +116,10 @@ mo_connect(struct Client* client_p, struct Client* source_p,
    */
   if ((conf = find_matching_name_conf(SERVER_TYPE,
 				      parv[1], NULL, NULL, 0)) != NULL)
-    aconf = (struct AccessItem *)map_to_conf(conf);
+    aconf = &conf->aconf;
   else if ((conf = find_matching_name_conf(SERVER_TYPE,
 					   NULL, NULL, parv[1], 0)) != NULL)
-    aconf = (struct AccessItem *)map_to_conf(conf);
+    aconf = &conf->aconf;
 
   if (conf == NULL)
   {
@@ -236,10 +236,10 @@ ms_connect(struct Client *client_p, struct Client *source_p,
    */
   if ((conf = find_matching_name_conf(SERVER_TYPE,
 				      parv[1], NULL, NULL, 0)) != NULL)
-    aconf = (struct AccessItem *)map_to_conf(conf);
+    aconf = &conf->aconf;
   else if ((conf = find_matching_name_conf(SERVER_TYPE,
 					   NULL, NULL, parv[1], 0)) != NULL)
-    aconf = (struct AccessItem *)map_to_conf(conf);
+    aconf = &conf->aconf;
 
   if (aconf == NULL)
   {

diff --git a/modules/m_cryptlink.c b/modules/m_cryptlink.c
@@ -235,7 +235,7 @@ cryptlink_auth(struct Client *client_p, struct Client *source_p,
     return;
   }
 
-  aconf = (struct AccessItem *)map_to_conf(conf);
+  aconf = &conf->aconf;
 
   if (!(client_p->localClient->out_cipher ||
       (client_p->localClient->out_cipher = check_cipher(client_p, aconf))))
@@ -419,7 +419,7 @@ cryptlink_serv(struct Client *client_p, struct Client *source_p,
   strlcpy(client_p->info, p, sizeof(client_p->info));
   client_p->hopcount = 0;
 
-  aconf = (struct AccessItem *)map_to_conf(conf);
+  aconf = &conf->aconf;
 
   if (!(client_p->localClient->out_cipher ||
       (client_p->localClient->out_cipher = check_cipher(client_p, aconf))))

diff --git a/modules/m_gline.c b/modules/m_gline.c
@@ -297,7 +297,7 @@ do_sgline(struct Client *client_p, struct Client *source_p,
   DLINK_FOREACH(ptr, gdeny_items.head)
   {
     conf = ptr->data;
-    aconf = (struct AccessItem *)map_to_conf(conf);
+    aconf = &conf->aconf;
 
     if (match(conf->name, source_p->servptr->name) &&
         match(aconf->user, source_p->username) &&
@@ -413,7 +413,7 @@ set_local_gline(const struct Client *source_p, const char *user,
 
   current_date = smalldate(cur_time);
   conf = make_conf_item(GLINE_TYPE);
-  aconf = (struct AccessItem *)map_to_conf(conf);
+  aconf = &conf->aconf;
 
   ircsprintf(buffer, "%s (%s)", reason, current_date);
   DupString(aconf->reason, buffer);
@@ -566,6 +566,7 @@ check_majority_gline(const struct Client *source_p,
 static int
 remove_gline_match(const char *user, const char *host)
 {
+  struct ConfItem *conf;
   struct AccessItem *aconf;
   dlink_node *ptr = NULL;
   struct irc_ssaddr addr, caddr;
@@ -575,7 +576,8 @@ remove_gline_match(const char *user, const char *host)
 
   DLINK_FOREACH(ptr, temporary_glines.head)
   {
-    aconf = map_to_conf(ptr->data);
+    conf = (struct ConfItem *)ptr->data;
+    aconf = &conf->aconf;
     cnm_t = parse_netmask(aconf->host, &caddr, &cbits);
 
     if (cnm_t != nm_t || irccmp(user, aconf->user))

diff --git a/modules/m_kline.c b/modules/m_kline.c
@@ -204,7 +204,7 @@ mo_kline(struct Client *client_p, struct Client *source_p,
   cur_time = CurrentTime;
   current_date = smalldate(cur_time);
   conf = make_conf_item(KLINE_TYPE);
-  aconf = map_to_conf(conf);
+  aconf = &conf->aconf;
 
   DupString(aconf->host, host);
   DupString(aconf->user, user);
@@ -255,7 +255,7 @@ me_kline(struct Client *client_p, struct Client *source_p,
       return;
 
     conf = make_conf_item(KLINE_TYPE);
-    aconf = map_to_conf(conf);
+    aconf = &conf->aconf;
     DupString(aconf->host, khost);
     DupString(aconf->user, kuser);
 
@@ -298,7 +298,7 @@ apply_kline(struct Client *source_p, struct ConfItem *conf,
 {
   struct AccessItem *aconf;
 
-  aconf = (struct AccessItem *)map_to_conf(conf);
+  aconf = &conf->aconf;
   if(tkline_time > 0)
   {
     aconf->hold = CurrentTime + tkline_time;
@@ -421,7 +421,7 @@ mo_dline(struct Client *client_p, struct Client *source_p,
     return;
 
   conf = make_conf_item(DLINE_TYPE);
-  aconf = map_to_conf(conf);
+  aconf = &conf->aconf;
   DupString(aconf->host, dlhost);
 
   if (tkline_time != 0)
@@ -653,6 +653,7 @@ ms_unkline(struct Client *client_p, struct Client *source_p,
 static int
 remove_tkline_match(const char *host, const char *user)
 {
+  struct ConfItem *conf;
   struct AccessItem *tk_c;
   dlink_node *tk_n;
   struct irc_ssaddr addr, caddr;
@@ -661,7 +662,8 @@ remove_tkline_match(const char *host, const char *user)
 
   DLINK_FOREACH(tk_n, temporary_klines.head)
   {
-    tk_c = map_to_conf(tk_n->data);
+    conf = (struct ConfItem *)tk_n->data;
+    tk_c = &conf->aconf;
     cnm_t = parse_netmask(tk_c->host, &caddr, &cbits);
     if (cnm_t != nm_t || irccmp(user, tk_c->user))
       continue;
@@ -689,6 +691,7 @@ remove_tkline_match(const char *host, const char *user)
 static int
 remove_tdline_match(const char *cidr)
 {
+  struct ConfItem *conf;
   struct AccessItem *td_conf;
   dlink_node *td_node;
   struct irc_ssaddr addr, caddr;
@@ -697,7 +700,8 @@ remove_tdline_match(const char *cidr)
 
   DLINK_FOREACH(td_node, temporary_dlines.head)
   {
-    td_conf = map_to_conf(td_node->data);
+    conf = (struct ConfItem *)td_node->data;
+    td_conf = &conf->aconf;
     cnm_t   = parse_netmask(td_conf->host, &caddr, &cbits);
 
     if (cnm_t != nm_t)

diff --git a/modules/m_map.c b/modules/m_map.c
@@ -75,7 +75,7 @@ mo_map(struct Client *client_p, struct Client *source_p,
   DLINK_FOREACH(ptr, server_items.head)
   {
     conf = ptr->data;
-    aconf = (struct AccessItem *)map_to_conf(conf);
+    aconf = &conf->aconf;
     if (aconf->status != CONF_SERVER)
       continue;
     if (strcmp(conf->name, me.name) == 0)

diff --git a/modules/m_oper.c b/modules/m_oper.c
@@ -103,7 +103,7 @@ m_oper(struct Client *client_p, struct Client *source_p,
     return;
   }
 
-  aconf = (struct AccessItem *)map_to_conf(conf);
+  aconf = &conf->aconf;
 
   if (match_conf_password(password, aconf))
   {

diff --git a/modules/m_resv.c b/modules/m_resv.c
@@ -265,7 +265,7 @@ parse_resv(struct Client *source_p, char *name, int tkline_time, char *reason)
       return;
     }
 
-    resv_p = map_to_conf(conf);
+    resv_p = &conf->cresv;
 
     if (tkline_time != 0)
     {
@@ -328,7 +328,7 @@ parse_resv(struct Client *source_p, char *name, int tkline_time, char *reason)
       return;
     }
 
-    resv_p = map_to_conf(conf);
+    resv_p = &conf->mconf;
 
     if (tkline_time != 0)
     {
@@ -416,7 +416,7 @@ remove_resv(struct Client *source_p, const char *name)
       return;
     }
 
-    resv_p = map_to_conf(conf);
+    resv_p = &conf->mconf;
 
     if (resv_p->action)
     {

diff --git a/modules/m_rkline.c b/modules/m_rkline.c
@@ -176,7 +176,7 @@ mo_rkline(struct Client *client_p, struct Client *source_p,
   cur_time = CurrentTime;
   current_date = smalldate(cur_time);
   conf = make_conf_item(RKLINE_TYPE);
-  aconf = map_to_conf(conf);
+  aconf = &conf->aconf;
 
   DupString(aconf->host, host);
   DupString(aconf->user, user);
@@ -241,7 +241,7 @@ me_rkline(struct Client *client_p, struct Client *source_p,
     }
 
     conf = make_conf_item(RKLINE_TYPE);
-    aconf = map_to_conf(conf);
+    aconf = &conf->aconf;
     DupString(aconf->host, khost);
     DupString(aconf->user, kuser);
 
@@ -284,7 +284,7 @@ static void
 apply_rkline(struct Client *source_p, struct ConfItem *conf,
              const char *current_date, time_t cur_time, time_t tkline_time)
 {
-  struct AccessItem *aconf = map_to_conf(conf);
+  struct AccessItem *aconf = &conf->aconf;
 
   if(tkline_time != 0)
   {
@@ -307,7 +307,8 @@ already_placed_rkline(struct Client *source_p, const char *user, const char *hos
 
   DLINK_FOREACH(ptr, rkconf_items.head)
   {
-    struct AccessItem *aptr = map_to_conf(ptr->data);
+    struct ConfItem *conf = (struct ConfItem *)ptr->data;
+    struct AccessItem *aptr = &conf->aconf;
 
     if (!strcmp(user, aptr->user) &&
         !strcmp(aptr->host, host))
@@ -487,7 +488,7 @@ remove_trkline_match(const char *const host,
   DLINK_FOREACH(ptr, temporary_rklines.head)
   {
     struct ConfItem *conf = ptr->data;
-    struct AccessItem *aptr = map_to_conf(ptr->data);
+    struct AccessItem *aptr = &conf->aconf;
 
     if (!strcmp(user, aptr->user) &&
         !strcmp(aptr->host, host))

diff --git a/modules/m_rxline.c b/modules/m_rxline.c
@@ -94,7 +94,7 @@ already_placed_rxline(struct Client *source_p, const char *gecos)
   DLINK_FOREACH(ptr, rxconf_items.head)
   {
     struct ConfItem *aptr = ptr->data;
-    const struct MatchItem *match_item = map_to_conf(aptr);
+    const struct MatchItem *match_item = &aptr->mconf;
 
     if (!strcmp(gecos, aptr->name))
     {
@@ -329,7 +329,7 @@ write_rxline(struct Client *source_p, const char *gecos, char *reason,
   conf = make_conf_item(RXLINE_TYPE);
   conf->regexpname = exp_gecos;
 
-  match_item = map_to_conf(conf);
+  match_item = &conf->mconf;
 
   DupString(conf->name, gecos);
   DupString(match_item->reason, reason);

diff --git a/modules/m_stats.c b/modules/m_stats.c
@@ -695,7 +695,7 @@ dump_counters(struct Client *source_p)
   DLINK_FOREACH(ptr, class_items.head)
   {
     conf = ptr->data;
-    classitem = map_to_conf(conf);
+    classitem = &conf->aclass;
     DLINK_FOREACH(ptr2, classitem->list_ipv4.head)
     {
       cidr = ptr2->data;