
Commit a7bfbd9

committed
Don't let attackers inject rogue values into znc.conf
Because of this vulnerability, existing ZNC users could get Admin permissions. Thanks to Jeriko One <jeriko.one@gmx.us> for finding and reporting this.
1 parent 2058aa0 commit a7bfbd9


1 file changed

+10
-3
lines changed


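--- a/src/Config.cpp
+++ b/src/Config.cpp
@@ -174,19 +174,26 @@ bool CConfig::Parse(CFile& file, CString& sErrorMsg) {
 void CConfig::Write(CFile& File, unsigned int iIndentation) {
 CString sIndentation = CString(iIndentation, '\t');
 
+auto SingleLine = [](const CString& s) {
+return s.Replace_n("\r", "").Replace_n("\n", "");
+};
+
 for (const auto& it : m_ConfigEntries) {
 for (const CString& sValue : it.second) {
-File.Write(sIndentation + it.first + " = " + sValue + "\n");
+File.Write(SingleLine(sIndentation + it.first + " = " + sValue) +
+"\n");
 }
 }
 
 for (const auto& it : m_SubConfigs) {
 for (const auto& it2 : it.second) {
 File.Write("\n");
 
-File.Write(sIndentation + "<" + it.first + " " + it2.first + ">\n");
+File.Write(SingleLine(sIndentation + "<" + it.first + " " +
+it2.first + ">") +
+"\n");
 it2.second.m_pSubConfig->Write(File, iIndentation + 1);
-File.Write(sIndentation + "</" + it.first + ">\n");
+File.Write(SingleLine(sIndentation + "</" + it.first + ">") + "\n");
 }
 }
 }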
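Review bot: `SingleLine` strips CR/LF only at the moment `Write` serialises an entry, so a value that carries a line break is silently joined into one line instead of being rejected, and the in-memory setting stays different from what is later reloaded from znc.conf. Consider also refusing CR/LF at the point where these values are accepted (that code is outside this diff), so the write-time strip is a second layer rather than the only one. The lambda deserves a comment stating the invariant, e.g. `// znc.conf is line-oriented: no key, value or section name may contain CR/LF`. Whether other characters in `it2.first`, such as `>`, can change how the `<Type Name>` line is read back is not visible here and is worth checking against `Parse`.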
