ii


36ec5bc4250b500a4661949fa3c55ec06635bbaf

Author: Nico Golde on 08/09/2008

Committer: Nico Golde on 08/09/2008

- prepare 1.4 release - fix directory traversal using #../../ (not possible to overwrite arbitrary files, thus not marking as security fix) - general cleanup - documentation fixes (url, copyright, formatting)

Stats

CHANGES   |  8 ++
LICENSE   |  2 +-
README    | 30 ++++----
config.mk |  2 +-
ii.1      |  4 +-
ii.c      | 27 ++++---
6 files changed, 42 insertions(+), 31 deletions(-)

Patch

diff --git a/CHANGES b/CHANGES
index 56c7eb6..001cdc1 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,11 @@
+1.4 (2008-08-09):
+    - fix directory traversal on servers that support SAJOIN
+      NOTE: not marking as security relevant as it is only possible to
+      create directories outside (which is of course annoying) of the irc
+      hierarchy but not overwriting arbitrary files with the channel name.
+    - documentation fixes
+    - general cleanup
+
 1.3 (2007-07-14):
     - server messages about users (QUIT,JOIN) will no longer
       go to the user directories but to the server out file to
diff --git a/LICENSE b/LICENSE
index 587ec9f..dd0b65c 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,7 +1,7 @@
 MIT/X Consortium License
 
 (C)opyright MMV-MMVI Anselm R. Garbe <garbeam@wmii.de>
-(C)opyright MMV-MMVII Nico Golde <nico at ngolde dot de>
+(C)opyright MMV-MMVIII Nico Golde <nico at ngolde dot de>
 
 Permission is hereby granted, free of charge, to any person obtaining a
 copy of this software and associated documentation files (the "Software"),
diff --git a/README b/README
index a677380..585b326 100644
--- a/README
+++ b/README
@@ -1,17 +1,17 @@
 Abstract
 --------
-ii is a minimalistic FIFO and filesystem based IRC client.
-It creates an irc directory tree with server, channel and
-nick name directories.
-In every directory a FIFO file (in) and and normal file (out)
-is placed.
-The in file is used to communicate with the servers and the out
-files include the server messages. For every channel and every nick
-name there will be new in and out files.
-The basic idea of this is to be able to communicate with an IRC
-server with standard command line tools.
-For example if you want to join a channel just do echo "/j #channel" > in
-and ii creates a new channel directory with in and out file.
+ii is a minimalistic FIFO and filesystem based IRC client.  It creates an irc
+directory tree with server, channel and nick name directories.  In every
+directory a FIFO file (in) and and normal file (out) is placed.
+
+The in file is used to communicate with the servers and the out files include
+the server messages. For every channel and every nick name there will be new in
+and out files.
+
+The basic idea of this is to be able to communicate with an IRC server with
+standard command line tools.  For example if you want to join a channel just do
+echo "/j #channel" > in and ii creates a new channel directory with in and out
+file.
 
 Installation
 ------------
@@ -32,10 +32,12 @@ program and for example with vim. Run vim in the server directory and use
 key mapping like:
 map w1 :.w >> \#ii/in<cr>
 map w2 :.w >> \#wmii/in<cr>
-to post to channels. 
+to post to channels.
+
 If you use the next editor line for a new posting you can use ctrl-p for nick
 completion if you wrote the nick in the past.
 Thanks to Matthias Kopfermann for this hint.
+
 You can find an example of how this nested environment could look like on:
 http://nion.modprobe.de/blog/archives/440-Using-the-ii-irc-client.html
 
@@ -46,7 +48,7 @@ No configuration is needed.
 Changelog
 ---------
 Since I missed the chance to add a proper changelog right from the beginning,
-please have a look at the commit messages on http://www.suckless.org/hg.rc/ii
+please have a look at the commit messages on http://code.suckless.org/hg/ii/
 they are fairly descriptive on releases prior to 1.2.
 
 Contact
diff --git a/config.mk b/config.mk
index f9cabd2..ac9a047 100644
--- a/config.mk
+++ b/config.mk
@@ -12,7 +12,7 @@ DESTDIR     =
 
 INCDIR      = ${PREFIX}/include
 LIBDIR      = ${PREFIX}/lib
-VERSION     = 1.3
+VERSION     = 1.4
 
 # includes and libs
 INCLUDES    = -I. -I${INCDIR} -I/usr/include
diff --git a/ii.1 b/ii.1
index 5d80bbc..26d73a1 100644
--- a/ii.1
+++ b/ii.1
@@ -44,6 +44,8 @@ lets you override the default port (6667)
 .TP
 .BI \-k " password"
 lets you use a password to authenticate your nick on the server
+(be aware of the problem that this is visible in the process list, if you
+don't want this use a query to submit your password)
 .TP
 .BI \-i " prefix"
 lets you override the default irc path (~/irc)
@@ -87,7 +89,7 @@ Write wrappers, pagers or use your tools of choice to display the out file conte
 Write to ii (at) modprobe (dot) de for suggestions, fixes, 7|-|>< ;) etc.
 .SH AUTHORS
 Copyright \(co 2005-2006 by Anselm R. Garbe <garbeam (at) gmail (dot) com> and 
-Copyright \(co 2005-2007 by Nico Golde <nico (at) ngolde (dot) de>
+Copyright \(co 2005-2008 by Nico Golde <nico (at) ngolde (dot) de>
 .SH SEE ALSO
 .BR echo (1),
 .BR tail (1),
diff --git a/ii.c b/ii.c
index 1fd2df9..e7d5528 100644
--- a/ii.c
+++ b/ii.c
@@ -52,9 +52,12 @@ static void usage() {
 			"          [-n <nick>] [-k <password>] [-f <fullname>]\n");
 	exit(EXIT_SUCCESS);
 }
-static char *lower(char *s) {
+static char *striplower(char *s) {
 	char *p = NULL;
-	for(p = s; p && *p; p++) *p = tolower(*p);
+	for(p = s; p && *p; p++) {
+		if(*p == '/') *p = '_';
+		*p = tolower(*p);
+	}
 	return s;
 }
 
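Review bot: striplower() rewrites only '/', so a name that is exactly `.` or `..` still reaches get_filepath() unchanged and would resolve to `path` itself or its parent. Which callers can pass such a name is not visible in this hunk, but the CHANGES entry indicates these names can originate from the server. I would add `if(s && (!strcmp(s, ".") || !strcmp(s, ".."))) *s = '_';` before `return s;`. Separately, `tolower(*p)` is given a plain char, which is undefined for negative values where char is signed; `*p = tolower((unsigned char)*p);` avoids that. Because the rewrite is done in place, distinct names such as `#a/b` and `#a_b` end up sharing one directory, which deserves a comment above the function.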
@@ -79,10 +82,10 @@ static void create_dirtree(const char *dir) {
 
 static int get_filepath(char *filepath, size_t len, char *channel, char *file) {
 	if(channel) {
-		if(!snprintf(filepath, len, "%s/%s", path, lower(channel)))
+		if(!snprintf(filepath, len, "%s/%s", path, striplower(channel)))
 			return 0;
 		create_dirtree(filepath);
-		return snprintf(filepath, len, "%s/%s/%s", path,lower(channel), file);
+		return snprintf(filepath, len, "%s/%s/%s", path, striplower(channel), file);
 	}
 	return snprintf(filepath, len, "%s/%s", path, file);
 }
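Review bot: The `!snprintf(...)` test in get_filepath() only catches a return of exactly 0, so a truncated or failed format still proceeds to `create_dirtree(filepath)` with a shortened path. snprintf returns the length it wanted to write, so the check should be `int n = snprintf(filepath, len, "%s/%s", path, striplower(channel)); if(n < 0 || (size_t)n >= len) return 0;`. The two remaining snprintf calls return that raw value to the caller, and how callers interpret it is outside this hunk. The second `striplower(channel)` call is redundant because the first already rewrote the string in place.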
@@ -200,10 +203,8 @@ static size_t tokenize(char **result, size_t reslen, char *str, char delim) {
 }
 
 static void print_out(char *channel, char *buf) {
-	static char outfile[256];
-	static char server[256];
-	FILE *out;
-	static char buft[18];
+	static char outfile[256], server[256], buft[18];
+	FILE *out = NULL;
 	time_t t = time(0);
 
 	if(channel) snprintf(server, sizeof(server), "-!- %s", channel);
@@ -300,8 +301,7 @@ static void proc_server_cmd(char *buf) {
 
 	for(i = 0; i < TOK_LAST; i++)
 		argv[i] = NULL;
-	/*
-	   <message>  ::= [':' <prefix> <SPACE> ] <command> <params> <crlf>
+	/* <message>  ::= [':' <prefix> <SPACE> ] <command> <params> <crlf>
 	   <prefix>   ::= <servername> | <nick> [ '!' <user> ] [ '@' <host> ]
 	   <command>  ::= <letter> { <letter> } | <number> <number> <number>
 	   <SPACE>    ::= ' ' { ' ' }
@@ -309,8 +309,8 @@ static void proc_server_cmd(char *buf) {
 	   <middle>   ::= <Any *non-empty* sequence of octets not including SPACE
 	   or NUL or CR or LF, the first of which may not be ':'>
 	   <trailing> ::= <Any, possibly *empty*, sequence of octets not including NUL or CR or LF>
-	   <crlf>     ::= CR LF
-	   */
+	   <crlf>     ::= CR LF */
+
 	if(buf[0] == ':') {		/* check prefix */
 		if (!(p = strchr(buf, ' '))) return;
 		*p = 0;
@@ -462,9 +462,8 @@ int main(int argc, char *argv[]) {
 	int i;
 	unsigned short port = SERVER_PORT;
 	struct passwd *spw = getpwuid(getuid());
-	char *key = NULL;
+	char *key = NULL, *fullname = NULL;
 	char prefix[_POSIX_PATH_MAX];
-	char *fullname = NULL;
 
 	if(!spw) {
 		fprintf(stderr,"ii: getpwuid() failed\n");