webadmin 1.0 NULL pointer dereference

2013.05.30
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

A null pointer dereference was found in ZNC 1.0 in the webadmin module which can be triggered by non-admins and cause denial of service[0]. Thanks in advance. References: [0] https://github.com/znc/znc/commit/2bd410ee5570cea127233f1133ea22f25174eb28 [1] https://secunia.com/advisories/53450/
modules/webadmin.cpp
@@ -426,7 +426,7 @@ class CWebAdminMod : public CModule {
 CIRCNetwork* pNetwork = SafeGetNetworkFromParam(WebSock);
 // Admin||Self Check
- if (!spSession->IsAdmin() && (!spSession->GetUser() || spSession->GetUser() != pNetwork->GetUser())) {
+ if (!spSession->IsAdmin() && (!spSession->GetUser() || !pNetwork || spSession->GetUser() != pNetwork->GetUser())) {
 return false;
 }
@@ -455,7 +455,7 @@ class CWebAdminMod : public CModule {
 CIRCNetwork* pNetwork = SafeGetNetworkFromParam(WebSock);
 // Admin||Self Check
- if (!spSession->IsAdmin() && (!spSession->GetUser() || spSession->GetUser() != pNetwork->GetUser())) {
+ if (!spSession->IsAdmin() && (!spSession->GetUser() || !pNetwork || spSession->GetUser() != pNetwork->GetUser())) {
 return false;
 }
@@ -479,7 +479,7 @@ class CWebAdminMod : public CModule {
 CIRCNetwork* pNetwork = SafeGetNetworkFromParam(WebSock);
 // Admin||Self Check
- if (!spSession->IsAdmin() && (!spSession->GetUser() || spSession->GetUser() != pNetwork->GetUser())) {
+ if (!spSession->IsAdmin() && (!spSession->GetUser() || !pNetwork || spSession->GetUser() != pNetwork->GetUser())) {
 return false;
 }
@@ -493,7 +493,7 @@ class CWebAdminMod : public CModule {
 CIRCNetwork* pNetwork = SafeGetNetworkFromParam(WebSock);
 // Admin||Self Check
- if (!spSession->IsAdmin() && (!spSession->GetUser() || spSession->GetUser() != pNetwork->GetUser())) {
+ if (!spSession->IsAdmin() && (!spSession->GetUser() || !pNetwork || spSession->GetUser() != pNetwork->GetUser())) {
 return false;
 }
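Review bot: The added `!pNetwork` test protects only the non-admin branch of the Admin||Self check: when `spSession->IsAdmin()` is true the whole condition short-circuits and execution continues with `pNetwork` possibly NULL, here and in the identical hunks at 455, 479 and 493. The handlers' bodies continue outside these hunks, so it should be confirmed that each one tests `pNetwork` before its next dereference on the admin path. A comment at each site would make the contract visible, for example `// SafeGetNetworkFromParam() can return NULL; admins skip this check, so pNetwork must be tested again below`. Because the same condition is now repeated four times, moving it into one private helper that takes the session and the network would keep the sites from drifting apart.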

References:

https://github.com/znc/znc/commit/2bd410ee5570cea127233f1133ea22f25174eb28#L0L426
https://secunia.com/advisories/53450/

