ii

irc it, simple FIFO based irc client
git clone git://git.suckless.org/ii
Log | Files | Refs | README | LICENSE

commit 36ec5bc4250b500a4661949fa3c55ec06635bbaf
parent ddb0f6db0240c4f4766980a65678b168a52f3707
Author: Nico Golde <nion@suckless.org>
Date:   Sat,  9 Aug 2008 13:45:46 +0200

- prepare 1.4 release
- fix directory traversal using #../../ (not possible to overwrite arbitrary files, thus not marking as security fix)
- general cleanup
- documentation fixes (url, copyright, formatting)
Diffstat:
CHANGES | 8++++++++
LICENSE | 2+-
README | 30++++++++++++++++--------------
config.mk | 2+-
ii.1 | 4+++-
ii.c | 27+++++++++++++--------------
6 files changed, 42 insertions(+), 31 deletions(-)

diff --git a/CHANGES b/CHANGES @@ -1,3 +1,11 @@ +1.4 (2008-08-09): + - fix directory traversal on servers that support SAJOIN + NOTE: not marking as security relevant as it is only possible to + create directories outside (which is of course annoying) of the irc + hierarchy but not overwriting arbitrary files with the channel name. + - documentation fixes + - general cleanup + 1.3 (2007-07-14): - server messages about users (QUIT,JOIN) will no longer go to the user directories but to the server out file to diff --git a/LICENSE b/LICENSE @@ -1,7 +1,7 @@ MIT/X Consortium License (C)opyright MMV-MMVI Anselm R. Garbe <garbeam@wmii.de> -(C)opyright MMV-MMVII Nico Golde <nico at ngolde dot de> +(C)opyright MMV-MMVIII Nico Golde <nico at ngolde dot de> Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), diff --git a/README b/README @@ -1,17 +1,17 @@ Abstract -------- -ii is a minimalistic FIFO and filesystem based IRC client. -It creates an irc directory tree with server, channel and -nick name directories. -In every directory a FIFO file (in) and and normal file (out) -is placed. -The in file is used to communicate with the servers and the out -files include the server messages. For every channel and every nick -name there will be new in and out files. -The basic idea of this is to be able to communicate with an IRC -server with standard command line tools. -For example if you want to join a channel just do echo "/j #channel" > in -and ii creates a new channel directory with in and out file. +ii is a minimalistic FIFO and filesystem based IRC client. It creates an irc +directory tree with server, channel and nick name directories. In every +directory a FIFO file (in) and and normal file (out) is placed. + +The in file is used to communicate with the servers and the out files include +the server messages. For every channel and every nick name there will be new in +and out files. + +The basic idea of this is to be able to communicate with an IRC server with +standard command line tools. For example if you want to join a channel just do +echo "/j #channel" > in and ii creates a new channel directory with in and out +file. Installation ------------ @@ -32,10 +32,12 @@ program and for example with vim. Run vim in the server directory and use key mapping like: map w1 :.w >> \#ii/in<cr> map w2 :.w >> \#wmii/in<cr> -to post to channels. +to post to channels. + If you use the next editor line for a new posting you can use ctrl-p for nick completion if you wrote the nick in the past. Thanks to Matthias Kopfermann for this hint. + You can find an example of how this nested environment could look like on: http://nion.modprobe.de/blog/archives/440-Using-the-ii-irc-client.html @@ -46,7 +48,7 @@ No configuration is needed. Changelog --------- Since I missed the chance to add a proper changelog right from the beginning, -please have a look at the commit messages on http://www.suckless.org/hg.rc/ii +please have a look at the commit messages on http://code.suckless.org/hg/ii/ they are fairly descriptive on releases prior to 1.2. Contact diff --git a/config.mk b/config.mk @@ -12,7 +12,7 @@ DESTDIR = INCDIR = ${PREFIX}/include LIBDIR = ${PREFIX}/lib -VERSION = 1.3 +VERSION = 1.4 # includes and libs INCLUDES = -I. -I${INCDIR} -I/usr/include diff --git a/ii.1 b/ii.1 @@ -44,6 +44,8 @@ lets you override the default port (6667) .TP .BI \-k " password" lets you use a password to authenticate your nick on the server +(be aware of the problem that this is visible in the process list, if you +don't want this use a query to submit your password) .TP .BI \-i " prefix" lets you override the default irc path (~/irc) @@ -87,7 +89,7 @@ Write wrappers, pagers or use your tools of choice to display the out file conte Write to ii (at) modprobe (dot) de for suggestions, fixes, 7|-|>< ;) etc. .SH AUTHORS Copyright \(co 2005-2006 by Anselm R. Garbe <garbeam (at) gmail (dot) com> and -Copyright \(co 2005-2007 by Nico Golde <nico (at) ngolde (dot) de> +Copyright \(co 2005-2008 by Nico Golde <nico (at) ngolde (dot) de> .SH SEE ALSO .BR echo (1), .BR tail (1), diff --git a/ii.c b/ii.c @@ -52,9 +52,12 @@ static void usage() { " [-n <nick>] [-k <password>] [-f <fullname>]\n"); exit(EXIT_SUCCESS); } -static char *lower(char *s) { +static char *striplower(char *s) { char *p = NULL; - for(p = s; p && *p; p++) *p = tolower(*p); + for(p = s; p && *p; p++) { + if(*p == '/') *p = '_'; + *p = tolower(*p); + } return s; } @@ -79,10 +82,10 @@ static void create_dirtree(const char *dir) { static int get_filepath(char *filepath, size_t len, char *channel, char *file) { if(channel) { - if(!snprintf(filepath, len, "%s/%s", path, lower(channel))) + if(!snprintf(filepath, len, "%s/%s", path, striplower(channel))) return 0; create_dirtree(filepath); - return snprintf(filepath, len, "%s/%s/%s", path,lower(channel), file); + return snprintf(filepath, len, "%s/%s/%s", path, striplower(channel), file); } return snprintf(filepath, len, "%s/%s", path, file); } @@ -200,10 +203,8 @@ static size_t tokenize(char **result, size_t reslen, char *str, char delim) { } static void print_out(char *channel, char *buf) { - static char outfile[256]; - static char server[256]; - FILE *out; - static char buft[18]; + static char outfile[256], server[256], buft[18]; + FILE *out = NULL; time_t t = time(0); if(channel) snprintf(server, sizeof(server), "-!- %s", channel); @@ -300,8 +301,7 @@ static void proc_server_cmd(char *buf) { for(i = 0; i < TOK_LAST; i++) argv[i] = NULL; - /* - <message> ::= [':' <prefix> <SPACE> ] <command> <params> <crlf> + /* <message> ::= [':' <prefix> <SPACE> ] <command> <params> <crlf> <prefix> ::= <servername> | <nick> [ '!' <user> ] [ '@' <host> ] <command> ::= <letter> { <letter> } | <number> <number> <number> <SPACE> ::= ' ' { ' ' } @@ -309,8 +309,8 @@ static void proc_server_cmd(char *buf) { <middle> ::= <Any *non-empty* sequence of octets not including SPACE or NUL or CR or LF, the first of which may not be ':'> <trailing> ::= <Any, possibly *empty*, sequence of octets not including NUL or CR or LF> - <crlf> ::= CR LF - */ + <crlf> ::= CR LF */ + if(buf[0] == ':') { /* check prefix */ if (!(p = strchr(buf, ' '))) return; *p = 0; @@ -462,9 +462,8 @@ int main(int argc, char *argv[]) { int i; unsigned short port = SERVER_PORT; struct passwd *spw = getpwuid(getuid()); - char *key = NULL; + char *key = NULL, *fullname = NULL; char prefix[_POSIX_PATH_MAX]; - char *fullname = NULL; if(!spw) { fprintf(stderr,"ii: getpwuid() failed\n");