security fix: webadmin/add channel: correctly handle channel names. bug #507794

(Portage version: 2.2.10/cvs/Linux x86_64, signed Manifest commit with key EB9B4AFA)

3 files changed, 247 insertions, 2 deletions

diff --git a/net-irc/znc/ChangeLog b/net-irc/znc/ChangeLog
index 7c281cbef6d7..8fbf1d7fc330 100644
--- a/net-irc/znc/ChangeLog
+++ b/net-irc/znc/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for net-irc/znc
-# Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-irc/znc/ChangeLog,v 1.69 2013/11/14 11:35:35 wired Exp $
+# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/net-irc/znc/ChangeLog,v 1.70 2014/04/18 07:25:40 wired Exp $
+
+*znc-1.2-r1 (18 Apr 2014)
+
+  18 Apr 2014; Alex Alexander <wired@gentoo.org> +znc-1.2-r1.ebuild,
+  +files/znc-1.2-webadmin-correctly-handle-channel-names.patch:
+  security fix: webadmin/add channel: correctly handle channel names. bug
+  #507794
 
 *znc-1.2 (14 Nov 2013)
 
diff --git a/net-irc/znc/files/znc-1.2-webadmin-correctly-handle-channel-names.patch b/net-irc/znc/files/znc-1.2-webadmin-correctly-handle-channel-names.patch
new file mode 100644
index 000000000000..93705f77ecb3
--- /dev/null
+++ b/net-irc/znc/files/znc-1.2-webadmin-correctly-handle-channel-names.patch
@@ -0,0 +1,73 @@
+https://bugs.gentoo.org/show_bug.cgi?id=507794
+
+From 5e6e3be32acfeadeaf1fb3bb17bada08aec6432f Mon Sep 17 00:00:00 2001
+From: Uli Schlachter <psychon@znc.in>
+Date: Sun, 13 Apr 2014 20:36:55 +0200
+Subject: [PATCH] webadmin/add channel: Correctly handle channel names
+
+The CChan constructor makes sure that the channel name begins with a valid
+channel prefix. Thus, this could change the name of the resulting channel.
+
+When you edited an irc network which already had a channel "#foo", were
+connected to IRC (so ZNC knows which prefixes are valid) and added a channel
+"foo", this would lead to a problem:
+
+Webadmin checks and sees that there is no channel "foo" yet. Webadmin creates a
+new CChan instance for "foo". The CChan constructor notices that "f" is not a
+valid channel prefix and instead calls itself "#foo". Then,
+CIRCNetwork::AddChan() would see that this channel already exists, delete the
+given channel and return false.
+
+However, webadmin didn't check this result and would continue changing settings
+on an already destroyed CChan instance.
+
+Fix this by checking if the channel exists after CChan had its chance to mess
+with the channel name. Also handle failures from CIRCNetwork::AddChan().
+
+Fixes #528.
+
+Signed-off-by: Uli Schlachter <psychon@znc.in>
+---
+ modules/webadmin.cpp | 16 +++++++++++-----
+ 1 file changed, 11 insertions(+), 5 deletions(-)
+
+diff --git a/modules/webadmin.cpp b/modules/webadmin.cpp
+index 40a28d3..90ddfd2 100644
+--- a/modules/webadmin.cpp
++++ b/modules/webadmin.cpp
+@@ -668,13 +668,19 @@ class CWebAdminMod : public CModule {
+ 				return true;
+ 			}
+ 
+-			if (pNetwork->FindChan(sChanName.Token(0))) {
+-				WebSock.PrintErrorPage("Channel [" + sChanName.Token(0) + "] already exists");
++			// This could change the channel name and e.g. add a "#" prefix
++			pChan = new CChan(sChanName, pNetwork, true);
++
++			if (pNetwork->FindChan(pChan->GetName())) {
++				WebSock.PrintErrorPage("Channel [" + pChan->GetName() + "] already exists");
++				delete pChan;
+ 				return true;
+ 			}
+ 
+-			pChan = new CChan(sChanName, pNetwork, true);
+-			pNetwork->AddChan(pChan);
++			if (!pNetwork->AddChan(pChan)) {
++				WebSock.PrintErrorPage("Could not add channel [" + pChan->GetName() + "]");
++				return true;
++			}
+ 		}
+ 
+ 		pChan->SetBufferCount(WebSock.GetParam("buffercount").ToUInt(), spSession->IsAdmin());
+@@ -700,7 +706,7 @@ class CWebAdminMod : public CModule {
+ 
+ 		CTemplate TmplMod;
+ 		TmplMod["User"] = pUser->GetUserName();
+-		TmplMod["ChanName"] = sChanName;
++		TmplMod["ChanName"] = pChan->GetName();
+ 		TmplMod["WebadminAction"] = "change";
+ 		FOR_EACH_MODULE(it, pNetwork) {
+ 			(*it)->OnEmbeddedWebRequest(WebSock, "webadmin/channel", TmplMod);
+-- 
+1.9.1
+
diff --git a/net-irc/znc/znc-1.2-r1.ebuild b/net-irc/znc/znc-1.2-r1.ebuild
new file mode 100644
index 000000000000..9b65bd7e3f35
--- /dev/null
+++ b/net-irc/znc/znc-1.2-r1.ebuild
@@ -0,0 +1,165 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-irc/znc/znc-1.2-r1.ebuild,v 1.1 2014/04/18 07:25:40 wired Exp $
+
+EAPI=5
+
+PYTHON_COMPAT=( python{3_2,3_3} )
+inherit base python-single-r1 user
+
+MY_PV=${PV/_/-}
+DESCRIPTION="An advanced IRC Bouncer"
+
+if [[ ${PV} == *9999* ]]; then
+	inherit git-2
+	EGIT_REPO_URI=${EGIT_REPO_URI:-"git://github.com/znc/znc.git"}
+	SRC_URI=""
+	KEYWORDS=""
+else
+	SRC_URI="http://znc.in/releases/${PN}-${MY_PV}.tar.gz"
+	KEYWORDS="~amd64 ~arm ~x86"
+fi
+
+HOMEPAGE="http://znc.in"
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="daemon debug ipv6 perl python ssl sasl tcl"
+
+RDEPEND="
+	perl? ( >=dev-lang/perl-5.10 )
+	sasl? ( >=dev-libs/cyrus-sasl-2 )
+	ssl? ( >=dev-libs/openssl-0.9.7d )
+	tcl? ( dev-lang/tcl )
+"
+DEPEND="
+	virtual/pkgconfig
+	perl? ( dev-lang/swig )
+	python? (
+		>=dev-lang/swig-2.0.8
+		>=dev-lang/perl-5.10
+	)
+	${RDEPEND}
+"
+
+S=${WORKDIR}/${PN}-${MY_PV}
+
+PATCHES=(
+	"${FILESDIR}/${PN}-1.0-systemwideconfig.patch"
+	"${FILESDIR}/${P}-webadmin-correctly-handle-channel-names.patch"
+)
+
+CONFDIR="/var/lib/znc"
+
+pkg_setup() {
+	if use python; then
+		python-single-r1_pkg_setup
+	fi
+	if use daemon; then
+		enewgroup ${PN}
+		enewuser ${PN} -1 -1 /dev/null ${PN}
+	fi
+}
+
+src_prepare() {
+	if [[ ${PV} == *9999* ]]; then
+		./autogen.sh
+	fi
+
+	base_src_prepare
+}
+
+src_configure() {
+	econf \
+		$(use_enable debug) \
+		$(use_enable ipv6) \
+		$(use_enable perl) \
+		$(use python && echo "--enable-python=python3") \
+		$(use_enable sasl cyrus) \
+		$(use_enable ssl openssl) \
+		$(use_enable tcl tcl)
+}
+
+src_install() {
+	emake install DESTDIR="${D}"
+	dodoc NOTICE README.md
+	if use daemon; then
+		newinitd "${FILESDIR}"/znc.initd znc
+		newconfd "${FILESDIR}"/znc.confd znc
+	fi
+}
+
+pkg_postinst() {
+	if use !daemon; then
+		elog
+		elog "Run 'znc --makeconf' as the user you want to run ZNC as"
+		elog "to make a configuration file"
+		elog "If you are using SSL you should also run 'znc --makepem'"
+		elog
+	else
+		elog
+		elog "An init-script was installed in /etc/init.d"
+		elog "A config file was installed in /etc/conf.d"
+		if [[ ! -d "${EROOT}${CONFDIR}" ]]; then
+			elog
+			elog "Run 'emerge --config znc' to configure ZNC"
+			elog "as a system-wide daemon."
+			elog
+			elog "If you are using SSL you should also run:"
+			elog "  znc --system-wide-config-as znc --makepem -d ${CONFDIR}"
+			elog "as root"
+			elog
+			elog "If migrating from a user-based install"
+			elog "you can use your existing config files:"
+			elog "  mkdir ${CONFDIR}"
+			elog "  mv /home/\$USER/.znc/* ${CONFDIR}"
+			elog "  rm -rf /home/\$USER/.znc"
+			elog "  chown -R znc:znc ${CONFDIR}"
+			elog
+			elog "If you already have znc set up and want take advantage of the"
+			elog "init script but skip of all the above, you can also edit"
+			elog "  /etc/conf.d/znc"
+			elog "and adjust the variables to your current znc user and config"
+			elog "location."
+			if [[ -d "${EROOT}"/etc/znc ]]; then
+				elog
+				ewarn "/etc/znc exists on your system."
+				ewarn "Due to the nature of the contents of that folder,"
+				ewarn "we have changed the default configuration to use"
+				ewarn "	/var/lib/znc"
+				ewarn "please move /etc/znc to /var/lib/znc"
+				ewarn "or adjust /etc/conf.d/znc"
+			fi
+		else
+			elog "Existing config detected in ${CONFDIR}"
+			elog "You're good to go :)"
+		fi
+		elog
+	fi
+}
+
+pkg_config() {
+	if use daemon && ! [[ -d "${EROOT}${CONFDIR}" ]]; then
+		einfo "Press ENTER to interactively create a new configuration file for znc."
+		einfo "To abort, press Control-C"
+		read
+		mkdir -p "${EROOT}${CONFDIR}" || die
+		chown -R ${PN}:${PN} "${EROOT}${CONFDIR}" ||
+			die "Setting permissions failed"
+		"${EROOT}"/usr/bin/znc --system-wide-config-as znc -c -r -d "${EROOT}${CONFDIR}" ||
+			die "Config failed"
+		echo
+		einfo "To start znc, run '/etc/init.d/znc start'"
+		einfo "or add znc to a runlevel:"
+		einfo "  rc-update add znc default"
+	else
+		if use daemon; then
+			ewarn "${CONFDIR} already exists, aborting to avoid damaging"
+			ewarn "any existing configuration. If you are sure you want"
+			ewarn "to generate a new configuration, remove the folder"
+			ewarn "and try again."
+		else
+			ewarn "To configure znc as a system-wide daemon you have to"
+			ewarn "enable the 'daemon' use flag."
+		fi
+	fi
+}