summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorepochqwert <epoch@hacking.allowed.org>2019-03-12 18:28:45 +0000
committerepochqwert <epoch@hacking.allowed.org>2019-03-12 18:28:45 +0000
commitd20035078f7beab3c382763528843096f80bde15 (patch)
tree653009277e1082920fab4bb5642abdbb3de04a8c
parent436e32179eb21f69ad05ae731da4da3b5b770e00 (diff)
downloadsegfault-d20035078f7beab3c382763528843096f80bde15.tar.gz
segfault-d20035078f7beab3c382763528843096f80bde15.zip
fixed a bug where I free()d the wrong thing in format_magic
-rw-r--r--segfault.c178
1 files changed, 118 insertions, 60 deletions
diff --git a/segfault.c b/segfault.c
index e04a504..9e6ec6c 100644
--- a/segfault.c
+++ b/segfault.c
@@ -13,6 +13,7 @@
#include <sys/stat.h>
#include <sys/resource.h>
#include <signal.h>
+#include <syslog.h>
//epoch's libraries.
#include <irc.h>
@@ -39,8 +40,8 @@ char *strndup(char *s,int l) {
#define LINES_SENT_LIMIT 1
#define LINELEN 400
#define SEGHOMELEN 1024
-#define RAWLOG "./files/rawlog"
-#define LOG "./files/log"
+#define RAWLOG "/home/segfault/files/rawlog"
+#define LOG "/home/segfault/files/log"
#define BS 4096
// !c uses 56 for its tail.
// 56 == 32 + 16 + 8 == 0x38 == 0x20+0x10+0x8 == SPAM | BEGIN | MSG
@@ -59,8 +60,10 @@ char *strndup(char *s,int l) {
struct user *myuser;
char pid[6];
+char time_str[16];
char mode_magic;
char snooty;
+char message_handler_trace;
int start_time;
char *redo;
int redirect_to_fd;
@@ -217,10 +220,11 @@ char *format_magic(int fd,char *from,struct user *user,char *orig_fmt,char *arg)
char *output,*fmt,*argCopy;
char **args,**notargs;
char *argN[10],randC[10][2]={"0","1","2","3","4","5","6","7","8","9"};
+ snprintf(time_str,sizeof(time_str)-1,"%d",time(0));
for(i=0;i<256;i++) {
magic[i]=0;
}
- if(!arg) arg="%s";
+ if(!arg) arg="";//does anything depend on this weird thing?
if(!(argCopy=strdup(arg))) return 0;
argN[0]=argCopy;
for(j=1;(argCopy=strchr(argCopy,' ')) && j < 10;j++) {
@@ -250,8 +254,10 @@ char *format_magic(int fd,char *from,struct user *user,char *orig_fmt,char *arg)
magic['~']=seghome;
magic['f']=(from?from:"from");
magic['p']=pid;
+ magic['t']=time_str;
magic['s']=(arg?arg:"arg");
- magic['A']="\x01";
+ magic['A']="\x01";//for ctcp and action
+ magic['C']="\x03";//for colors
magic['0']=argN[0];
magic['1']=argN[1];
magic['2']=argN[2];
@@ -285,7 +291,7 @@ char *format_magic(int fd,char *from,struct user *user,char *orig_fmt,char *arg)
} else if(magic[fmt[i]] > 0) {
args[c]=magic[fmt[i]];
} else {
- args[c]="DERP";
+ args[c]="INVALID MAGIC";
}
fmt[i-1]=0;
if(!(fmt+j)) exit(68);
@@ -309,7 +315,7 @@ char *format_magic(int fd,char *from,struct user *user,char *orig_fmt,char *arg)
strcat(output,notargs[i]);
output[sz]=0;
free(fmt);
- free(argCopy);
+ free(argN[0]);
return output;
}
@@ -376,16 +382,16 @@ void extra_handler(int fd) {
if(strchr(tmp,'\n')) *strchr(tmp,'\n')=0;
if(tailf[i].opt & TAILO_EVAL) {//eval
if(tailf[i].opt & TAILO_FORMAT) {
- tmp2=format_magic(fd,tailf[i].to,tailf[i].user,tmp,tailf[i].args);
+ tmp2=format_magic(fd,tailf[i].to,tailf[i].user,tmp,tailf[i].args);//the line read is the format string.
message_handler(fd,tailf[i].to,tailf[i].user,tmp2,1);
free(tmp2);
} else {
//this will crash.
tmp2=strdup(tmp);
message_handler(fd,tailf[i].to,tailf[i].user,tmp2,1);
- printf("tmp2 in crashing place: %p\n",tmp2);
+ //printf("tmp2 in crashing place: %p\n",tmp2);
}
- printf("OHAI. WE SURVIVED!\n");
+ //printf("OHAI. WE SURVIVED!\n");
}
if(tailf[i].opt & TAILO_RAW) {//raw
tmp2=malloc(strlen(tmp)+4);
@@ -394,7 +400,12 @@ void extra_handler(int fd) {
free(tmp2);
}
if(tailf[i].opt & TAILO_MSG) {//just msg the lines.
- privmsg(fd,tailf[i].to,tmp);
+ if(tailf[i].opt & TAILO_FORMAT && tailf[i].args) {
+ tmp2=format_magic(fd,tailf[i].to,tailf[i].user,tailf[i].args,tmp);//the args is the format string.
+ privmsg(fd,tailf[i].to,tmp2);
+ } else {
+ privmsg(fd,tailf[i].to,tmp);
+ }
}
if(tailf[i].lines >= line_limit && (tailf[i].opt & TAILO_SPAM)) {
tailf[i].lines=-1; //lock it.
@@ -502,10 +513,10 @@ void c_leettail(int fd,char *from,char *file,struct user *user,...) {
int d;
int n;
if(!file) {
- privmsg(fd,from,"!leettail NNfilename");
- privmsg(fd,from,"!leettail NNNfilename");
- privmsg(fd,from,"!leettail NN#channel:filename");
- privmsg(fd,from,"!leettail NNN#channel:filename");
+ privmsg(fd,from,"!leettail NNfilename [format]");
+ privmsg(fd,from,"!leettail NNNfilename [format]");
+ privmsg(fd,from,"!leettail NN#channel:filename [format]");
+ privmsg(fd,from,"!leettail NNN#channel:filename [format]");
return;
}
if(file[0]) {
@@ -572,6 +583,7 @@ void c_changetail(int fd,char *from,char *line,struct user *user,...) {
if(!strcmp(tailf[i].file,line) || tailf[i].inode == st.st_ino) {
free(tailf[i].to);
tailf[i].to=0;
+ tailf[i].user=user;//memory leak?
if(!merp) exit(76);
tailf[i].to=strdup(merp);
if(mode) {
@@ -923,8 +935,14 @@ void c_tails(int fd,char *from,...) {
char *recording,recording_raw;
void c_record(int fd,char *from,char *line,...) {
+ char tmp[512];
if(!line) {
privmsg(fd,from,"usage: !record format_string");
+ if(recording) {
+ snprintf(tmp,sizeof(tmp)-1,"currently recording to: %s with format string: %s",LOG,recording);
+ privmsg(fd,from,tmp);
+ }
+ else privmsg(fd,from,"not recording.");
return;
}
if(*line == '0' && *(line+1) == 0) {
@@ -935,15 +953,24 @@ void c_record(int fd,char *from,char *line,...) {
}
else {
recording=strdup(line);
- unlink(LOG);
+ if(unlink(LOG) == -1) {
+ privmsg(fd,from,"failed to unlink log file!");
+ privmsg(fd,from,strerror(errno));
+ }
privmsg(fd,from,"recording IRC.");
}
privmsg(fd,from,recording?"1":"0");
}
void c_rawrecord(int fd,char *from,char *line,...) {
+ char tmp[512];
if(!line) {
privmsg(fd,from,"usage: !rawrecord 0|1");
+ if(recording_raw) {
+ snprintf(tmp,sizeof(tmp)-1,"currently recording to: %s",RAWLOG);
+ privmsg(fd,from,tmp);
+ }
+ else privmsg(fd,from,"not recording.");
return;
}
if(*line == '0') {
@@ -996,6 +1023,9 @@ void c_linelimit(int fd,char *from,char *msg,...) {
if(snooty) privmsg(fd,from,"I will only listen to you if you address me directly.");
else privmsg(fd,from,"I will listen to any commands, no need to address me directly.");
}
+ if(msg[0] == 'c') {
+ message_handler_trace^=1;
+ }
if(atoi(msg) > 0) {
line_limit=atoi(msg);
snprintf(tmp,255,"spam line limit set to: %d",line_limit);
@@ -1005,7 +1035,7 @@ void c_linelimit(int fd,char *from,char *msg,...) {
privmsg(fd,from,"hidden feature! negative line limit flips debug bit.");
debug^=1;
} else {
- privmsg(fd,from,"something else!");
+ //privmsg(fd,from,"something else!");
}
}
}
@@ -1055,7 +1085,11 @@ void message_handler(int fd,char *from,struct user *user,char *msg,int redones)
char to_me;
int len;
int sz;
- printf("message_handler: entry: message: '%s' redones: %d\n",msg,redones);
+// printf("message_handler: entry: message: '%s' redones: %d\n",msg,redones);
+ if(redones && message_handler_trace) {
+ snprintf(tmp,sizeof(tmp)-1,"trace: n: %s u: %s h: %s message '%s' redones: '%d'",user->nick,user->user,user->host,msg,redones);
+ privmsg(fd,from,tmp);
+ }
if(redirect_to_fd != -1) {
fd=redirect_to_fd;
}
@@ -1068,6 +1102,7 @@ void message_handler(int fd,char *from,struct user *user,char *msg,int redones)
debug_time(fd,from,"finished writing to log.");
}
+ //there's a bug here when directing a string to a nick but the * isn't part of the nick.
len=strchr(msg,'*')?strchr(msg,'*')-msg:strlen(myuser->nick);
to_me=0;
@@ -1091,9 +1126,9 @@ void message_handler(int fd,char *from,struct user *user,char *msg,int redones)
command[strlen(command)-1]=0;//remove the end \x01
*command=';';
}
- if(!strncmp(command,"s/",2)) {
- command[1]=' ';
- }
+// if(!strncmp(command,"s/",2)) {
+// command[1]=' ';
+// }
while(!strncmp(command,"lambda ",7)) {
command+=7;
command=format_magic(fd,from,user,command,command);
@@ -1110,10 +1145,15 @@ void message_handler(int fd,char *from,struct user *user,char *msg,int redones)
// free(args);
// }
}
- else if(redones < 5) {
+ else if(redones < RECURSE_LIMIT) {
debug_time(fd,from,"checking aliases...");
//command--;// :>
if((m=ht_getnode(&alias,command))) {
+ if(rand()%1000 == 0 && redones == 0) {
+ privmsg(fd,from,"I don't want to run that command right now.");
+ free(oldcommand);
+ return;
+ }
//sz=(strlen(command)-strlen(m->original)+strlen(m->target)+1);// what is this used for?
//??? why not use args?
redo=format_magic(fd,from,user,m->target,(command+strlen(m->original)+1));
@@ -1122,11 +1162,11 @@ void message_handler(int fd,char *from,struct user *user,char *msg,int redones)
free(redo);
redo=0;
free(oldcommand);
- printf("message_handler: leaving: msg: %s redones: %d\n",msg,redones);
+ //printf("message_handler: leaving: msg: %s redones: %d\n",msg,redones);
return;
}
debug_time(fd,from,"finished checking aliases. not found.");
- if((m=ht_getnode(&alias,"!chat"))) {
+ if((m=ht_getnode(&alias,"!chat"))) {//wtf is this for?
if(args) command[strlen(command)]=' ';//turn that null into a space!
command++;// :>
if(debug) {
@@ -1146,11 +1186,11 @@ void message_handler(int fd,char *from,struct user *user,char *msg,int redones)
privmsg(fd,from,tmp);
}
}
- if(redones > RECURSE_LIMIT) {
+ if(redones >= RECURSE_LIMIT) {
privmsg(fd,from,"I don't know if I'll ever get out of this alias hole you're telling me to dig. Fuck this.");
}
free(oldcommand);
- printf("message_handler: leaving: msg: %s redones: %d\n",msg,redones);
+ //printf("message_handler: leaving: msg: %s redones: %d\n",msg,redones);
}
void line_handler(int fd,char *line) {//this should be built into the libary?
@@ -1158,6 +1198,8 @@ void line_handler(int fd,char *line) {//this should be built into the libary?
struct user *user;
int i;
if(!(user=malloc(sizeof(struct user)))) exit(__LINE__);
+ memset(user,0,sizeof(struct user));
+ printf("line: %s\n",line);
if(recording_raw) {
append_file(fd,"epoch",RAWLOG,line,'\n');
}
@@ -1166,7 +1208,7 @@ void line_handler(int fd,char *line) {//this should be built into the libary?
struct entry *tmp2;
//line will be mangled by the cutter.
char **a=line_cutter(fd,line,user);
- if(!user->user && a[0]) { //server message
+ if(!user->user && a[0]) { //server message.
//:armitage.hacking.allowed.org 353 asdf = #default :@SegFault @FreeArtMan @foobaz @wall @Lamb3_13 @gizmore @blackh0le
strcpy(tmp,"!");
strcat(tmp,a[0]);
@@ -1176,14 +1218,15 @@ void line_handler(int fd,char *line) {//this should be built into the libary?
}
if((tmp2=ht_getnode(&alias,tmp)) != NULL) {
strcat(tmp," ");
- if(!(user->nick=strdup("epoch"))) exit(__LINE__);
- if(!(user->user=strdup("epoch"))) exit(__LINE__);
- if(!(user->host=strdup("localhost"))) exit(__LINE__);
+ int freenick=0,freeuser=0,freehost=0;
+ if(!user->nick) { if(!(user->nick=strdup("$UNDEF_NICK"))) exit(__LINE__); freenick=1;}
+ if(!user->user) { if(!(user->user=strdup("$UNDEF_USER"))) exit(__LINE__); freeuser=1;}
+ if(!user->host) { if(!(user->host=strdup("$UNDEF_HOST"))) exit(__LINE__); freehost=1;}
strcat(tmp,line2);
message_handler(fd,"#cmd",user,tmp,1);
- free(user->nick);
- free(user->user);
- free(user->host);
+ if(freenick) free(user->nick);
+ if(freeuser) free(user->user);
+ if(freehost) free(user->host);
}
}
free(line2);
@@ -1200,13 +1243,16 @@ void line_handler(int fd,char *line) {//this should be built into the libary?
if(a[0] && user->nick && a[1]) {
strcpy(tmp,";");
strcat(tmp,a[0]);
- if((ht_getnode(&alias,a[0])) != NULL) {
+ if((ht_getnode(&alias,tmp)) != NULL) {
for(i=0;a[i];i++) {
strcat(tmp," ");
strcat(tmp,a[i]);
}
message_handler(fd,"#cmd",user,tmp,1);
- }
+ }// else {
+ //privmsg(fd,"#cmd","couldn't find alias for:");
+ //privmsg(fd,"#cmd",a[0]);
+ //}
if(!strcmp(a[0],"JOIN")) {
irc_mode(fd,a[1],"+o",user->nick);
}
@@ -1220,6 +1266,10 @@ void line_handler(int fd,char *line) {//this should be built into the libary?
// snprintf(tmp,sizeof(tmp)-1,"KILL %s :don't fuck with me.\r\n",user->nick);
// mywrite(fd,tmp);
}
+ if(!strcmp(user->nick,myuser->nick) && !strcmp(a[0],"PART") ) {
+ snprintf(tmp,sizeof(tmp)-1,"JOIN %s\r\n",a[1]);
+ mywrite(fd,tmp);
+ }
if(!strcmp(a[0],"MODE") && mode_magic) {
if(strcmp(user->nick,myuser->nick)) {
if(a[2]) {
@@ -1254,8 +1304,13 @@ void line_handler(int fd,char *line) {//this should be built into the libary?
free(a);
}
+void sigpipe_handler(int sig) {
+ syslog(LOG_WARNING,"SegFault received a sigpipe! (ignoring it)");
+}
+
int main(int argc,char *argv[]) {
- signal(SIGSTOP,exit);
+ signal(SIGSTOP,exit);//prevent pausing
+ signal(SIGPIPE,sigpipe_handler);
int fd;
srand(time(0) + getpid());
struct passwd *pwd;
@@ -1263,33 +1318,35 @@ int main(int argc,char *argv[]) {
char *s,*p;
int c;
inittable(&builtin,TSIZE);
-#define BUILDIN(a,b) ht_setkey(&builtin,a,(void *)((union hack){(void (*)(int,...))b}.data))
- BUILDIN("!builtin",c_builtin);
- BUILDIN("!builtins",c_builtins);
- BUILDIN("!raw",c_raw);
- BUILDIN("!leetsetout",c_leetsetout);
- BUILDIN("!resetout",c_resetout);
- BUILDIN("!botup",c_botup);
- BUILDIN("!linelimit",c_linelimit);
- BUILDIN("!nick",c_nick);
- BUILDIN("!tailunlock",c_tailunlock);
- BUILDIN("!istaillocked",c_istaillocked);
- BUILDIN("!changetail",c_changetail);
- BUILDIN("!tails",c_tails);
- BUILDIN("!record",c_record);
- BUILDIN("!rawrecord",c_rawrecord);
- BUILDIN("!leettail",c_leettail);
- BUILDIN("!leetuntail",c_leetuntail);
- BUILDIN("!leetappend",c_leetappend);
- BUILDIN("!say",c_say);
- BUILDIN("!id",c_id);
- BUILDIN("!kill",c_kill);
- BUILDIN("!alias",c_alias_h);
- BUILDIN("!aliases",c_aliases_h);
- BUILDIN("!lobotomy",c_lobotomy);
- BUILDIN("!amnesia",c_amnesia);
+#define CMDCHR "!"
+#define BUILDIN(a,b) ht_setkey(&builtin,CMDCHR a,(void *)((union hack){(void (*)(int,...))b}.data))
+ BUILDIN("builtin",c_builtin);
+ BUILDIN("builtins",c_builtins);
+ BUILDIN("raw",c_raw);
+ BUILDIN("leetsetout",c_leetsetout);
+ BUILDIN("resetout",c_resetout);
+ BUILDIN("botup",c_botup);
+ BUILDIN("linelimit",c_linelimit);
+ BUILDIN("nick",c_nick);
+ BUILDIN("tailunlock",c_tailunlock);
+ BUILDIN("istaillocked",c_istaillocked);
+ BUILDIN("changetail",c_changetail);
+ BUILDIN("tails",c_tails);
+ BUILDIN("record",c_record);
+ BUILDIN("rawrecord",c_rawrecord);
+ BUILDIN("leettail",c_leettail);
+ BUILDIN("leetuntail",c_leetuntail);
+ BUILDIN("leetappend",c_leetappend);
+ BUILDIN("say",c_say);
+ BUILDIN("id",c_id);
+ BUILDIN("kill",c_kill);
+ BUILDIN("alias",c_alias_h);
+ BUILDIN("aliases",c_aliases_h);
+ BUILDIN("lobotomy",c_lobotomy);
+ BUILDIN("amnesia",c_amnesia);
mode_magic=1;
snooty=0;
+ message_handler_trace=0;
redirect_to_fd=-1;
debug=0;
lines_sent=0;
@@ -1338,5 +1395,6 @@ int main(int argc,char *argv[]) {
getcwd(seghome,SEGHOMELEN);
prestartup_stuff(fd);
if(fd == -1) return 0;
+ printf("server fd: %d\n",fd);
return runit(fd,line_handler,extra_handler);
}