Check if the mask is long enough before accessing it when checking extbans

7 files changed, 7 insertions, 7 deletions

diff --git a/src/channels.cpp b/src/channels.cpp
index 855fd0e15..883ae3954 100644
--- a/src/channels.cpp
+++ b/src/channels.cpp
@@ -449,7 +449,7 @@ bool Channel::CheckBan(User* user, const std::string& mask)
 		return (result == MOD_RES_DENY);
 
 	// extbans were handled above, if this is one it obviously didn't match
-	if (mask[1] == ':')
+	if ((mask.length() <= 2) || (mask[1] == ':'))
 		return false;
 
 	std::string::size_type at = mask.find('@');
diff --git a/src/modules/m_channelban.cpp b/src/modules/m_channelban.cpp
index 655ed82cd..8c5962f2a 100644
--- a/src/modules/m_channelban.cpp
+++ b/src/modules/m_channelban.cpp
@@ -42,7 +42,7 @@ class ModuleBadChannelExtban : public Module
 
 	ModResult OnCheckBan(User *user, Channel *c, const std::string& mask)
 	{
-		if (mask[0] == 'j' && mask[1] == ':')
+		if ((mask.length() > 2) && (mask[0] == 'j') && (mask[1] == ':'))
 		{
 			std::string rm = mask.substr(2);
 			char status = 0;
diff --git a/src/modules/m_gecosban.cpp b/src/modules/m_gecosban.cpp
index e7eca6d8f..73bfdb649 100644
--- a/src/modules/m_gecosban.cpp
+++ b/src/modules/m_gecosban.cpp
@@ -41,7 +41,7 @@ class ModuleGecosBan : public Module
 
 	ModResult OnCheckBan(User *user, Channel *c, const std::string& mask)
 	{
-		if (mask[0] == 'r' && mask[1] == ':')
+		if ((mask.length() > 2) && (mask[0] == 'r') && (mask[1] == ':'))
 		{
 			if (InspIRCd::Match(user->fullname, mask.substr(2)))
 				return MOD_RES_DENY;
diff --git a/src/modules/m_operchans.cpp b/src/modules/m_operchans.cpp
index 2e6fad79f..8db2a4041 100644
--- a/src/modules/m_operchans.cpp
+++ b/src/modules/m_operchans.cpp
@@ -59,7 +59,7 @@ class ModuleOperChans : public Module
 
 	ModResult OnCheckBan(User *user, Channel *c, const std::string& mask)
 	{
-		if (mask[0] == 'O' && mask[1] == ':')
+		if ((mask.length() > 2) && (mask[0] == 'O') && (mask[1] == ':'))
 		{
 			if (IS_OPER(user) && InspIRCd::Match(user->oper->name, mask.substr(2)))
 				return MOD_RES_DENY;
diff --git a/src/modules/m_serverban.cpp b/src/modules/m_serverban.cpp
index 541a56e54..ec38b4754 100644
--- a/src/modules/m_serverban.cpp
+++ b/src/modules/m_serverban.cpp
@@ -41,7 +41,7 @@ class ModuleServerBan : public Module
 
 	ModResult OnCheckBan(User *user, Channel *c, const std::string& mask)
 	{
-		if (mask[0] == 's' && mask[1] == ':')
+		if ((mask.length() > 2) && (mask[0] == 's') && (mask[1] == ':'))
 		{
 			if (InspIRCd::Match(user->server, mask.substr(2)))
 				return MOD_RES_DENY;
diff --git a/src/modules/m_services_account.cpp b/src/modules/m_services_account.cpp
index ac5338332..cc941d905 100644
--- a/src/modules/m_services_account.cpp
+++ b/src/modules/m_services_account.cpp
@@ -213,7 +213,7 @@ class ModuleServicesAccount : public Module
 		if (checking)
 			return MOD_RES_PASSTHRU;
 
-		if (mask[1] == ':')
+		if ((mask.length() > 2) && (mask[1] == ':'))
 		{
 			if (mask[0] == 'R')
 			{
diff --git a/src/modules/m_sslmodes.cpp b/src/modules/m_sslmodes.cpp
index ef63b2511..f17f30907 100644
--- a/src/modules/m_sslmodes.cpp
+++ b/src/modules/m_sslmodes.cpp
@@ -113,7 +113,7 @@ class ModuleSSLModes : public Module
 
 	ModResult OnCheckBan(User *user, Channel *c, const std::string& mask)
 	{
-		if (mask[0] == 'z' && mask[1] == ':')
+		if ((mask.length() > 2) && (mask[0] == 'z') && (mask[1] == ':'))
 		{
 			UserCertificateRequest req(user, this);
 			req.Send();