- prepare 1.4 release - fix directory traversal using #../../ (not possible to … | |
--- | |
commit 36ec5bc4250b500a4661949fa3c55ec06635bbaf | |
parent ddb0f6db0240c4f4766980a65678b168a52f3707 | |
Author: Nico Golde <[email protected]> | |
Date: Sat, 9 Aug 2008 13:45:46 +0200 | |
- prepare 1.4 release | |
- fix directory traversal using #../../ (not possible to overwrite arbitrary fi… | |
- general cleanup | |
- documentation fixes (url, copyright, formatting) | |
Diffstat: | |
M CHANGES | 8 ++++++++ | |
M LICENSE | 2 +- | |
M README | 30 ++++++++++++++++-------------- | |
M config.mk | 2 +- | |
M ii.1 | 4 +++- | |
M ii.c | 27 +++++++++++++-------------- | |
6 files changed, 42 insertions(+), 31 deletions(-) | |
--- | |
diff --git a/CHANGES b/CHANGES | |
@@ -1,3 +1,11 @@ | |
+1.4 (2008-08-09): | |
+ - fix directory traversal on servers that support SAJOIN | |
+ NOTE: not marking as security relevant as it is only possible to | |
+ create directories outside (which is of course annoying) of the irc | |
+ hierarchy but not overwriting arbitrary files with the channel name. | |
+ - documentation fixes | |
+ - general cleanup | |
+ | |
1.3 (2007-07-14): | |
- server messages about users (QUIT,JOIN) will no longer | |
go to the user directories but to the server out file to | |
diff --git a/LICENSE b/LICENSE | |
@@ -1,7 +1,7 @@ | |
MIT/X Consortium License | |
(C)opyright MMV-MMVI Anselm R. Garbe <[email protected]> | |
-(C)opyright MMV-MMVII Nico Golde <nico at ngolde dot de> | |
+(C)opyright MMV-MMVIII Nico Golde <nico at ngolde dot de> | |
Permission is hereby granted, free of charge, to any person obtaining a | |
copy of this software and associated documentation files (the "Software"), | |
diff --git a/README b/README | |
@@ -1,17 +1,17 @@ | |
Abstract | |
-------- | |
-ii is a minimalistic FIFO and filesystem based IRC client. | |
-It creates an irc directory tree with server, channel and | |
-nick name directories. | |
-In every directory a FIFO file (in) and and normal file (out) | |
-is placed. | |
-The in file is used to communicate with the servers and the out | |
-files include the server messages. For every channel and every nick | |
-name there will be new in and out files. | |
-The basic idea of this is to be able to communicate with an IRC | |
-server with standard command line tools. | |
-For example if you want to join a channel just do echo "/j #channel" > in | |
-and ii creates a new channel directory with in and out file. | |
+ii is a minimalistic FIFO and filesystem based IRC client. It creates an irc | |
+directory tree with server, channel and nick name directories. In every | |
+directory a FIFO file (in) and and normal file (out) is placed. | |
+ | |
+The in file is used to communicate with the servers and the out files include | |
+the server messages. For every channel and every nick name there will be new in | |
+and out files. | |
+ | |
+The basic idea of this is to be able to communicate with an IRC server with | |
+standard command line tools. For example if you want to join a channel just do | |
+echo "/j #channel" > in and ii creates a new channel directory with in and out | |
+file. | |
Installation | |
------------ | |
@@ -32,10 +32,12 @@ program and for example with vim. Run vim in the server dir… | |
key mapping like: | |
map w1 :.w >> \#ii/in<cr> | |
map w2 :.w >> \#wmii/in<cr> | |
-to post to channels. | |
+to post to channels. | |
+ | |
If you use the next editor line for a new posting you can use ctrl-p for nick | |
completion if you wrote the nick in the past. | |
Thanks to Matthias Kopfermann for this hint. | |
+ | |
You can find an example of how this nested environment could look like on: | |
http://nion.modprobe.de/blog/archives/440-Using-the-ii-irc-client.html | |
@@ -46,7 +48,7 @@ No configuration is needed. | |
Changelog | |
--------- | |
Since I missed the chance to add a proper changelog right from the beginning, | |
-please have a look at the commit messages on http://www.suckless.org/hg.rc/ii | |
+please have a look at the commit messages on http://code.suckless.org/hg/ii/ | |
they are fairly descriptive on releases prior to 1.2. | |
Contact | |
diff --git a/config.mk b/config.mk | |
@@ -12,7 +12,7 @@ DESTDIR = | |
INCDIR = ${PREFIX}/include | |
LIBDIR = ${PREFIX}/lib | |
-VERSION = 1.3 | |
+VERSION = 1.4 | |
# includes and libs | |
INCLUDES = -I. -I${INCDIR} -I/usr/include | |
diff --git a/ii.1 b/ii.1 | |
@@ -44,6 +44,8 @@ lets you override the default port (6667) | |
.TP | |
.BI \-k " password" | |
lets you use a password to authenticate your nick on the server | |
+(be aware of the problem that this is visible in the process list, if you | |
+don't want this use a query to submit your password) | |
.TP | |
.BI \-i " prefix" | |
lets you override the default irc path (~/irc) | |
@@ -87,7 +89,7 @@ Write wrappers, pagers or use your tools of choice to display… | |
Write to ii (at) modprobe (dot) de for suggestions, fixes, 7|-|>< ;) etc. | |
.SH AUTHORS | |
Copyright \(co 2005-2006 by Anselm R. Garbe <garbeam (at) gmail (dot) com> and | |
-Copyright \(co 2005-2007 by Nico Golde <nico (at) ngolde (dot) de> | |
+Copyright \(co 2005-2008 by Nico Golde <nico (at) ngolde (dot) de> | |
.SH SEE ALSO | |
.BR echo (1), | |
.BR tail (1), | |
diff --git a/ii.c b/ii.c | |
@@ -52,9 +52,12 @@ static void usage() { | |
" [-n <nick>] [-k <password>] [-f <fullname>]… | |
exit(EXIT_SUCCESS); | |
} | |
-static char *lower(char *s) { | |
+static char *striplower(char *s) { | |
char *p = NULL; | |
- for(p = s; p && *p; p++) *p = tolower(*p); | |
+ for(p = s; p && *p; p++) { | |
+ if(*p == '/') *p = '_'; | |
+ *p = tolower(*p); | |
+ } | |
return s; | |
} | |
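Review bot: `striplower` neutralises only `/`, so a name that is exactly `..` (or `.`) passes through unchanged and `get_filepath` would still join it under `path`, where it resolves to the parent directory. Whether such a name can arrive depends on callers outside this hunk, but the CHANGES entry indicates the name can be chosen by the server, so it is safer to handle it here, e.g. `if(*p == '/' || (p == s && *p == '.')) *p = '_';`. Separately, `tolower(*p)` receives a plain `char`, which is undefined for negative values where `char` is signed; use `*p = tolower((unsigned char)*p);`. A one-line comment stating that the function rewrites `s` in place would also help, because the sanitised name replaces the caller's copy.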
@@ -79,10 +82,10 @@ static void create_dirtree(const char *dir) { | |
static int get_filepath(char *filepath, size_t len, char *channel, char *file)… | |
if(channel) { | |
- if(!snprintf(filepath, len, "%s/%s", path, lower(channel))) | |
+ if(!snprintf(filepath, len, "%s/%s", path, striplower(channel)… | |
return 0; | |
create_dirtree(filepath); | |
- return snprintf(filepath, len, "%s/%s/%s", path,lower(channel)… | |
+ return snprintf(filepath, len, "%s/%s/%s", path, striplower(ch… | |
} | |
return snprintf(filepath, len, "%s/%s", path, file); | |
} | |
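Review bot: The `!snprintf(...)` test in `get_filepath` catches only a zero return, so a path truncated to `len` bytes (return value >= `len`) or a negative error return is still handed to `create_dirtree`. Store the result and compare it with the buffer size, e.g. `n = snprintf(filepath, len, "%s/%s", path, striplower(channel));` followed by `if(n < 0 || (size_t)n >= len) return 0;`. The two `return snprintf(...)` lines pass the same unchecked value to the caller, so the callers, which are outside this hunk, would need the same comparison. `striplower(channel)` is also applied twice to the same buffer, which is harmless but could be done once at the top of the branch.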
@@ -200,10 +203,8 @@ static size_t tokenize(char **result, size_t reslen, char … | |
} | |
static void print_out(char *channel, char *buf) { | |
- static char outfile[256]; | |
- static char server[256]; | |
- FILE *out; | |
- static char buft[18]; | |
+ static char outfile[256], server[256], buft[18]; | |
+ FILE *out = NULL; | |
time_t t = time(0); | |
if(channel) snprintf(server, sizeof(server), "-!- %s", channel); | |
@@ -300,8 +301,7 @@ static void proc_server_cmd(char *buf) { | |
for(i = 0; i < TOK_LAST; i++) | |
argv[i] = NULL; | |
- /* | |
- <message> ::= [':' <prefix> <SPACE> ] <command> <params> <crlf> | |
+ /* <message> ::= [':' <prefix> <SPACE> ] <command> <params> <crlf> | |
<prefix> ::= <servername> | <nick> [ '!' <user> ] [ '@' <host> ] | |
<command> ::= <letter> { <letter> } | <number> <number> <number> | |
<SPACE> ::= ' ' { ' ' } | |
@@ -309,8 +309,8 @@ static void proc_server_cmd(char *buf) { | |
<middle> ::= <Any *non-empty* sequence of octets not including SP… | |
or NUL or CR or LF, the first of which may not be ':'> | |
<trailing> ::= <Any, possibly *empty*, sequence of octets not inclu… | |
- <crlf> ::= CR LF | |
- */ | |
+ <crlf> ::= CR LF */ | |
+ | |
if(buf[0] == ':') { /* check prefix */ | |
if (!(p = strchr(buf, ' '))) return; | |
*p = 0; | |
@@ -462,9 +462,8 @@ int main(int argc, char *argv[]) { | |
int i; | |
unsigned short port = SERVER_PORT; | |
struct passwd *spw = getpwuid(getuid()); | |
- char *key = NULL; | |
+ char *key = NULL, *fullname = NULL; | |
char prefix[_POSIX_PATH_MAX]; | |
- char *fullname = NULL; | |
if(!spw) { | |
fprintf(stderr,"ii: getpwuid() failed\n"); |