elemental-ircd/modules
Sam Dodrill a5e296e4eb modules/m_sasl: sasl: fix regression introduced by sasl <-> auth_user integration.
This fixes the null-dereference reported on full-disclosure [1].  A
corrected analysis of the issue
follows below:

When SASL authentication completes, and auth_user is requested,
client_p->user may be NULL. Thusly accessing fields of client_p->user
may cause a null dereference. In these cases, aborting SASL auth
early is a correct interpretation of the IRCv3.1 specification.  The
code must handle this situation, which this commit corrects.

[1]: http://seclists.org/fulldisclosure/2014/Mar/320
2014-03-23 13:57:49 -07:00
..
core modules/core/m_metadata: Re-add support for the old metadata verbs and document the old metadata system. 2013-11-24 14:22:51 -08:00
.depend run autoconf, autoheader and make depend 2012-02-29 23:18:57 -05:00
.indent.pro [svn] - the new plan: 2007-01-24 22:40:21 -08:00
Makefile.in Add explicit support for being installed into a system triggered with --enable-fhs-paths. 2012-02-29 23:16:29 -05:00
m_accept.c Removal of ancient SVN ID's part one 2010-06-10 21:22:44 -04:00
m_admin.c Removal of ancient SVN ID's part one 2010-06-10 21:22:44 -04:00
m_away.c away-notify and away rate limiting added 2013-10-04 21:32:00 -07:00
m_cap.c clicaps: Disable away-notify for now 2014-03-20 07:42:29 -07:00
m_capab.c Ported m_capab Crash Exploit Fix from charybdis 2012-12-31 14:49:19 -05:00
m_certfp.c Pass certfp to other servers and show it in whois. Do not show it on connect. 2010-02-06 00:18:27 +01:00
m_challenge.c m_challenge: fix use of undefined behaviour. 2011-02-22 12:00:45 -05:00
m_chghost.c Allow / in spoofed hosts 2009-04-20 08:37:13 -05:00
m_close.c Removal of ancient SVN ID's part one 2010-06-10 21:22:44 -04:00
m_cmessage.c Removal of ancient SVN ID's part one 2010-06-10 21:22:44 -04:00
m_connect.c Removal of ancient SVN ID's part one 2010-06-10 21:22:44 -04:00
m_dline.c Track who set a dline/kline/xline/resv as in ratbox3. 2010-03-01 01:23:22 +01:00
m_encap.c Removal of ancient SVN ID's part one 2010-06-10 21:22:44 -04:00
m_etrace.c Removal of ancient SVN ID's part one 2010-06-10 21:22:44 -04:00
m_help.c Removal of ancient SVN ID's part one 2010-06-10 21:22:44 -04:00
m_info.c away-notify and away rate limiting added 2013-10-04 21:32:00 -07:00
m_invite.c Backed out changeset 3097ade953f5 2010-10-11 11:58:21 -04:00
m_ison.c Removal of ancient SVN ID's part one 2010-06-10 21:22:44 -04:00
m_kline.c Fix various compiler warnings. 2010-03-27 20:09:46 +01:00
m_knock.c Backed out changeset 3097ade953f5 2010-10-11 11:58:21 -04:00
m_links.c Removal of ancient SVN ID's part one 2010-06-10 21:22:44 -04:00
m_list.c Move list-related isupport items to the list module itself. 2011-01-06 00:40:08 -08:00
m_locops.c Removal of ancient SVN ID's part one 2010-06-10 21:22:44 -04:00
m_lusers.c Removal of ancient SVN ID's part one 2010-06-10 21:22:44 -04:00
m_map.c Removal of ancient SVN ID's part one 2010-06-10 21:22:44 -04:00
m_monitor.c Removal of ancient SVN ID's part one 2010-06-10 21:22:44 -04:00
m_motd.c Removal of ancient SVN ID's part one 2010-06-10 21:22:44 -04:00
m_names.c Removal of ancient SVN ID's part one 2010-06-10 21:22:44 -04:00
m_oper.c modules/m_oper: Prevent password guessing 2014-02-14 19:28:40 -08:00
m_operspy.c Removal of ancient SVN ID's part one 2010-06-10 21:22:44 -04:00
m_pass.c Remove auth_user support from m_pass.c. It's pointless here and it breaks the functionality of having it in m_sasl which is actually useful.... 2010-11-25 03:22:02 -05:00
m_ping.c Removal of ancient SVN ID's part one 2010-06-10 21:22:44 -04:00
m_pong.c Removal of ancient SVN ID's part one 2010-06-10 21:22:44 -04:00
m_post.c modules/m_post: Fix s2s message framing issue 2013-11-11 21:14:19 -05:00
m_privs.c Backed out changeset 65db6ca26281 2010-02-25 15:11:43 -05:00
m_rehash.c Removal of ancient SVN ID's part one 2010-06-10 21:22:44 -04:00
m_restart.c Removal of ancient SVN ID's part one 2010-06-10 21:22:44 -04:00
m_resv.c Restore snotes, logs for UNRESV nick. 2010-03-27 16:24:13 +01:00
m_sasl.c modules/m_sasl: sasl: fix regression introduced by sasl <-> auth_user integration. 2014-03-23 13:57:49 -07:00
m_scan.c Removal of ancient SVN ID's part one 2010-06-10 21:22:44 -04:00
m_services.c Merge account-notify and extended-join client capabilities 2013-09-29 05:24:52 -07:00
m_set.c Removal of ancient SVN ID's part one 2010-06-10 21:22:44 -04:00
m_signon.c Removal of ancient SVN ID's part one 2010-06-10 21:22:44 -04:00
m_snote.c Removal of ancient SVN ID's part one 2010-06-10 21:22:44 -04:00
m_stats.c Removal of ancient SVN ID's part one 2010-06-10 21:22:44 -04:00
m_svinfo.c Removal of ancient SVN ID's part one 2010-06-10 21:22:44 -04:00
m_tb.c Removal of ancient SVN ID's part one 2010-06-10 21:22:44 -04:00
m_testline.c Removal of ancient SVN ID's part one 2010-06-10 21:22:44 -04:00
m_testmask.c Removal of ancient SVN ID's part one 2010-06-10 21:22:44 -04:00
m_time.c Removal of ancient SVN ID's part one 2010-06-10 21:22:44 -04:00
m_topic.c Removal of ancient SVN ID's part one 2010-06-10 21:22:44 -04:00
m_trace.c hunt_server: Disallow wildcarded nicknames. 2011-01-08 17:47:05 +01:00
m_unreject.c Removal of ancient SVN ID's part one 2010-06-10 21:22:44 -04:00
m_user.c Removal of ancient SVN ID's part one 2010-06-10 21:22:44 -04:00
m_userhost.c Removal of ancient SVN ID's part one 2010-06-10 21:22:44 -04:00
m_users.c Removal of ancient SVN ID's part one 2010-06-10 21:22:44 -04:00
m_version.c Removal of ancient SVN ID's part one 2010-06-10 21:22:44 -04:00
m_wallops.c Removal of ancient SVN ID's part one 2010-06-10 21:22:44 -04:00
m_who.c Removal of ancient SVN ID's part one 2010-06-10 21:22:44 -04:00
m_whois.c modules/m_whois: Allow clients to see their own umodes when whoising themselves 2013-12-27 09:32:49 -08:00
m_whowas.c Removal of ancient SVN ID's part one 2010-06-10 21:22:44 -04:00
m_xline.c XLINE: Do not cluster unxlines ON specific servers. 2010-03-27 16:09:26 +01:00
sno_routing.c Removal of ancient SVN ID's part one 2010-06-10 21:22:44 -04:00
static_modules.c.SH [svn] - the new plan: 2007-01-24 22:40:21 -08:00