$OpenBSD: patch-modules_webadmin_cpp,v 1.1 2013/07/17 07:19:38 jasper Exp $

Security fix for CVE-2013-2130,
ZNC Multiple NULL Pointer Dereference Vulnerabilities

Patch from upstream:
https://github.com/znc/znc/commit/2bd410ee5570cea127233f1133ea22f25174eb28

--- modules/webadmin.cpp.orig	Tue Nov  6 17:02:20 2012
+++ modules/webadmin.cpp	Tue Jul 16 11:02:02 2013
@@ -404,7 +404,7 @@ class CWebAdminMod : public CModule { (public)
 			CIRCNetwork* pNetwork = SafeGetNetworkFromParam(WebSock);
 
 			// Admin||Self Check
-			if (!spSession->IsAdmin() && (!spSession->GetUser() || spSession->GetUser() != pNetwork->GetUser())) {
+			if (!spSession->IsAdmin() && (!spSession->GetUser() || !pNetwork || spSession->GetUser() != pNetwork->GetUser())){ 
 				return false;
 			}
 
@@ -433,7 +433,7 @@ class CWebAdminMod : public CModule { (public)
 			CIRCNetwork* pNetwork = SafeGetNetworkFromParam(WebSock);
 
 			// Admin||Self Check
-			if (!spSession->IsAdmin() && (!spSession->GetUser() || spSession->GetUser() != pNetwork->GetUser())) {
+			if (!spSession->IsAdmin() && (!spSession->GetUser() || !pNetwork || spSession->GetUser() != pNetwork->GetUser())) {
 				return false;
 			}
 
@@ -457,7 +457,7 @@ class CWebAdminMod : public CModule { (public)
 			CIRCNetwork* pNetwork = SafeGetNetworkFromParam(WebSock);
 
 			// Admin||Self Check
-			if (!spSession->IsAdmin() && (!spSession->GetUser() || spSession->GetUser() != pNetwork->GetUser())) {
+			if (!spSession->IsAdmin() && (!spSession->GetUser() || !pNetwork || spSession->GetUser() != pNetwork->GetUser())) {
 				return false;
 			}
 
@@ -471,7 +471,7 @@ class CWebAdminMod : public CModule { (public)
 			CIRCNetwork* pNetwork = SafeGetNetworkFromParam(WebSock);
 
 			// Admin||Self Check
-			if (!spSession->IsAdmin() && (!spSession->GetUser() || spSession->GetUser() != pNetwork->GetUser())) {
+			if (!spSession->IsAdmin() && (!spSession->GetUser() || !pNetwork || spSession->GetUser() != pNetwork->GetUser())) {
 				return false;
 			}
 
