Don't let attackers inject rogue values into znc.conf
Because of this vulnerability, existing ZNC users could get Admin
permissions.

Thanks to Jeriko One <jeriko.one@gmx.us> for finding and reporting this.
DarthGandalf committed Jul 14, 2018
1 parent 2058aa0 commit a7bfbd9
Showing 1 changed file with 10 additions and 3 deletions.
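--- a/src/Config.cpp
+++ b/src/Config.cpp
@@ -174,19 +174,26 @@ bool CConfig::Parse(CFile& file, CString& sErrorMsg) {
 void CConfig::Write(CFile& File, unsigned int iIndentation) {
 CString sIndentation = CString(iIndentation, '\t');
 
+auto SingleLine = [](const CString& s) {
+return s.Replace_n("\r", "").Replace_n("\n", "");
+};
+
 for (const auto& it : m_ConfigEntries) {
 for (const CString& sValue : it.second) {
-File.Write(sIndentation + it.first + " = " + sValue + "\n");
+File.Write(SingleLine(sIndentation + it.first + " = " + sValue) +
+"\n");
 }
 }
 
 for (const auto& it : m_SubConfigs) {
 for (const auto& it2 : it.second) {
 File.Write("\n");
 
-File.Write(sIndentation + "<" + it.first + " " + it2.first + ">\n");
+File.Write(SingleLine(sIndentation + "<" + it.first + " " +
+it2.first + ">") +
+"\n");
 it2.second.m_pSubConfig->Write(File, iIndentation + 1);
-File.Write(sIndentation + "</" + it.first + ">\n");
+File.Write(SingleLine(sIndentation + "</" + it.first + ">") + "\n");
 }
 }
 }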
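Review bot: `SingleLine` in `CConfig::Write` strips CR/LF only at serialization time, so the entries held in `m_ConfigEntries` and `m_SubConfigs` keep the raw value and the written file silently differs from the in-memory state. That closes the injection on disk, but line breaks should also be rejected or normalized where values enter the config (code not visible in this hunk), so that a bad value is reported rather than quietly rewritten. The lambda would benefit from a comment stating the invariant it enforces, e.g. `// znc.conf is line-based: a CR/LF inside a key, value or section name would be read back as a separate directive.` The commit changes only src/Config.cpp, so a regression test that writes a value containing a line break and parses the file back would help keep this fixed.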
