#!/bin/bash
#
# verify_fixes.sh - Verifică că toate fix-urile au fost aplicate corect
# Data: 23 Februarie 2026
#
# Print the report banner, then zero the two result counters that the
# checks below increment.
printf '%s\n' \
  "╔════════════════════════════════════════════════════════╗" \
  "║ VERIFICARE FIX-URI SECURITATE - Underchat IRCD ║" \
  "╚════════════════════════════════════════════════════════╝" \
  ""

PASSED=0
FAILED=0
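#######################################
# Record whether a source file contains the text a fix is expected to leave.
#
# This is a presence check only: it passes as soon as one line of the file
# matches the pattern, wherever that line is (a comment or an unrelated call
# site counts too). It does not show that the unsafe call named in the
# description was removed, nor that every line cited there was changed.
#
# Globals:   PASSED, FAILED (incremented)
# Arguments: $1 - path of the file to inspect
#            $2 - grep basic regular expression expected in the file
#            $3 - description printed with the verdict
# Outputs:   verdict (and, on failure, file and pattern) on stdout
# Returns:   0 always; the verdict is carried by the counters
#######################################
check_fix() {
  local file=$1
  local pattern=$2
  local description=$3

  # Report a missing or unreadable file explicitly instead of letting it look
  # like "pattern not found" (e.g. when the script is run from the wrong
  # directory).
  if [[ ! -f "$file" || ! -r "$file" ]]; then
    echo "❌ FAIL: $description"
    echo " File: $file"
    echo " Expected: $pattern"
    echo " Reason: file not found or not readable"
    FAILED=$((FAILED + 1))
    return 0
  fi

  # -e keeps a pattern that starts with '-' from being parsed as an option;
  # -- does the same for the file name.
  if grep -q -e "$pattern" -- "$file"; then
    echo "✅ PASS: $description"
    # Plain assignment: ((PASSED++)) yields exit status 1 when the counter
    # was 0, which would abort the script if errexit were ever enabled.
    PASSED=$((PASSED + 1))
  else
    echo "❌ FAIL: $description"
    echo " File: $file"
    echo " Expected: $pattern"
    FAILED=$((FAILED + 1))
  fi
  return 0
}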
# Section 1: the three limit names must appear somewhere in the limits
# header. check_fix only greps for the name; it does not look at the value
# each one is given.
printf '%s\n' "═══ 1. Verificare ircd_limits.h ═══"
limits_header="include/ircd_limits.h"
check_fix "$limits_header" "MAX_SENDQ_USER" "Header ircd_limits.h există"
check_fix "$limits_header" "MAX_RECVQ_USER" "RecvQ limits definite"
check_fix "$limits_header" "MAX_INCOMPLETE_MESSAGE_TIMEOUT" "Timeout definit"
printf '\n'
# Section 2: each patched file must contain the bounded replacement call.
printf '%s\n' "═══ 2. Verificare unsafe string operations ═══"

# One row per check, fields separated by '|': file, grep pattern, description.
# The quoted delimiter keeps the rows literal, so quotes and parentheses in a
# pattern reach check_fix unchanged.
# NOTE(review): the s_user.c:859,867 row names two call sites, but one
# matching line is enough for it to pass — confirm both sites by hand.
# NOTE(review): the line numbers in the descriptions are labels only; nothing
# here checks where in the file the match is.
while IFS='|' read -r src_file fix_pattern fix_label; do
  check_fix "$src_file" "$fix_pattern" "$fix_label"
done <<'FIX_TABLE'
ircd/s_user.c|ircd_strncpy(cli_name(new_client), nick, NICKLEN)|s_user.c:744 - strcpy fixat
ircd/s_user.c|ircd_strncpy(cli_name(sptr), nick, NICKLEN)|s_user.c:859,867 - strcpy fixat
ircd/uping.c|ircd_snprintf.*%10lu|uping.c:290 - sprintf fixat
ircd/uping.c|ircd_strncpy(pptr->name|uping.c:425 - strcpy fixat
ircd/numnicks.c|ircd_strncpy(cli_yxx|numnicks.c:333 - strcpy fixat
ircd/numnicks.c|memcpy(buf, "AAAAAA", 7)|numnicks.c:457 - strcpy fixat
ircd/m_whois.c|strncat(markbufp|m_whois.c:147-149 - strcat fixat
ircd/whocmds.c|memcpy(p1, " n/a", 5)|whocmds.c:260 - strcpy fixat
ircd/s_conf.c|memcpy(lp->value.cp, mark|s_conf.c:1630 - strcpy fixat
FIX_TABLE

printf '\n'
# Section 3: send.c must include the limits header, mention the SendQ limit
# and carry the disconnect message.
# NOTE(review): these greps show the names are present in send.c, not that
# the limit is applied on every send path — confirm in the code itself.
printf '%s\n' "═══ 3. Verificare SendQ limits ═══"
send_src="ircd/send.c"
check_fix "$send_src" '#include "ircd_limits.h"' "send.c include ircd_limits.h"
check_fix "$send_src" "MAX_SENDQ_USER" "SendQ limits implementate"
check_fix "$send_src" "SendQ exceeded" "SendQ disconnect message"
printf '\n'
# Section 4: s_bsd.c must include the limits header, mention the RecvQ limit
# and carry the disconnect message.
# NOTE(review): presence of the names only; whether the limit is checked
# before data is queued has to be confirmed in the code itself.
printf '%s\n' "═══ 4. Verificare RecvQ limits ═══"
bsd_src="ircd/s_bsd.c"
check_fix "$bsd_src" '#include "ircd_limits.h"' "s_bsd.c include ircd_limits.h"
check_fix "$bsd_src" "MAX_RECVQ_USER" "RecvQ limits implementate"
check_fix "$bsd_src" "RecvQ exceeded" "RecvQ disconnect message"
printf '\n'
# Section 5: s_bsd.c must mention the incomplete-message timeout constant and
# carry the matching disconnect message.
printf '%s\n' "═══ 5. Verificare Incomplete Message Timeout ═══"
timeout_src="ircd/s_bsd.c"
check_fix "$timeout_src" "MAX_INCOMPLETE_MESSAGE_TIMEOUT" "Timeout implementat"
check_fix "$timeout_src" "Incomplete message timeout" "Timeout disconnect message"
printf '\n'
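echo "═══ 6. Verificare că nu mai există unsafe operations ═══"

# Scan the patched files for strcpy/sprintf/strcat calls that are still there.
#
# The scan result is kept in a shell variable rather than a fixed-name file
# under /tmp, so nothing is written to a world-writable directory at a
# predictable path.
scan_files=(
  ircd/s_user.c
  ircd/uping.c
  ircd/numnicks.c
  ircd/m_whois.c
  ircd/whocmds.c
  ircd/s_conf.c
)

# A file that cannot be read must not count as "nothing unsafe found": with
# errors discarded, an empty scan looks exactly like a clean one.
unreadable_files=()
for scan_file in "${scan_files[@]}"; do
  [[ -f "$scan_file" && -r "$scan_file" ]] || unreadable_files+=("$scan_file")
done

UNSAFE_COUNT=0
unsafe_hits=""
if (( ${#unreadable_files[@]} == 0 )); then
  # NOTE(review): the second grep drops the whole line, so an unsafe call that
  # shares a line with memcpy/strncat/"Security fix" is not reported.
  unsafe_hits=$(
    grep -n -E 'strcpy|sprintf|strcat' -- "${scan_files[@]}" \
      | grep -v -E 'Security fix|ircd_strncpy|ircd_snprintf|strncat|memcpy'
  )
  if [[ -n "$unsafe_hits" ]]; then
    # grep -c '' counts lines and prints a bare number on every platform.
    UNSAFE_COUNT=$(printf '%s\n' "$unsafe_hits" | grep -c '')
  fi
fi

if (( ${#unreadable_files[@]} > 0 )); then
  echo "❌ FAIL: unsafe-operation scan skipped, cannot read: ${unreadable_files[*]}"
  FAILED=$((FAILED + 1))
elif (( UNSAFE_COUNT == 0 )); then
  echo "✅ PASS: Nu mai există unsafe string operations în fișierele fixate"
  PASSED=$((PASSED + 1))
else
  # Hits are a warning for manual review and are not added to FAILED, so the
  # script can still exit 0 while this list is non-empty.
  echo "⚠️ WARNING: Găsite $UNSAFE_COUNT operații potențial unsafe:"
  printf '%s\n' "$unsafe_hits" | head -10
  echo " (verifică manual dacă sunt false positives)"
fi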
# Print the totals box, then turn the failure counter into the exit status.
# Only FAILED decides the outcome: the section-6 warning about remaining
# unsafe calls increments neither counter, so it does not change the status.
printf '%s\n' \
  "" \
  "╔════════════════════════════════════════════════════════╗" \
  "║ REZULTATE ║" \
  "╠════════════════════════════════════════════════════════╣" \
  "║ ✅ PASSED: $PASSED tests ║" \
  "║ ❌ FAILED: $FAILED tests ║" \
  "╚════════════════════════════════════════════════════════╝" \
  ""

case "$FAILED" in
  0)
    printf '%s\n' \
      "🎉 SUCCESS! Toate fix-urile au fost aplicate corect!" \
      "" \
      "Next steps:" \
      " 1. Compilează: make clean && make" \
      " 2. Testează: ./ircd -f ircd.conf" \
      " 3. Load test: python3 tests/load_test.py localhost 6667 100 60"
    exit 0
    ;;
  *)
    printf '%s\n' \
      "❌ ERORI! Unele fix-uri nu au fost aplicate corect." \
      "Verifică manual fișierele menționate mai sus."
    exit 1
    ;;
esac