author | brain <brain@e03df62e-2008-0410-955e-edbf42e46eb7> | 2007-03-24 15:33:51 +0000 |
---|---|---|
committer | brain <brain@e03df62e-2008-0410-955e-edbf42e46eb7> | 2007-03-24 15:33:51 +0000 |
commit | d129d452d391e56284672afee74ca90dee0e6580 (patch) | |
tree | aa1d254204dbc441585956192ae63db32390ac73 | |
parent | 68faac1836be5268d9a33cd0e60d1aa3c86962b0 (diff) |
Check validity (length) of all NICK parameters to make sure we're not introducing a dodgy client (such as one introduced by dmb's dodgy program)
Normally, NICK parameters longer than allowed are weeded out by CAPAB but sending CAPAB is optional.
git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@6705 e03df62e-2008-0410-955e-edbf42e46eb7
-rw-r--r-- | src/modules/m_spanningtree/treesocket1.cpp | 55 |
1 files changed, 44 insertions, 11 deletions
diff --git a/src/modules/m_spanningtree/treesocket1.cpp b/src/modules/m_spanningtree/treesocket1.cpp
index 008f0c98a..2ead91c8e 100644
--- a/src/modules/m_spanningtree/treesocket1.cpp
+++ b/src/modules/m_spanningtree/treesocket1.cpp
@@ -850,25 +850,60 @@ bool TreeSocket::ForceJoin(const std::string &source, std::deque<std::string> &p
 /** NICK command */
 bool TreeSocket::IntroduceClient(const std::string &source, std::deque<std::string> ¶ms)
 {
- if (params.size() < 8)
- return true;
- if (params.size() > 8)
+ /** Do we have enough parameters:
+ * NICK age nick host dhost ident +modes ip :gecos
+ */
+ if (params.size() != 8)
 {
 this->WriteLine(std::string(":")+this->Instance->Config->ServerName+" KILL "+params[1]+" :Invalid client introduction ("+params[1]+"?)");
 return true;
 }
- // NICK age nick host dhost ident +modes ip :gecos
- // 0 1 2 3 4 5 6 7
- time_t age = atoi(params[0].c_str());
+ time_t age = atoi(params[0].c_str());
 const char* tempnick = params[1].c_str();
- Instance->Log(DEBUG,"New remote client %s",tempnick);
+ /** Check parameters for validity before introducing the client, discovered by dmb.
+ * XXX: Can we make this neater?
+ */
+ if (!age)
+ {
+ this->WriteLine(std::string(":")+this->Instance->Config->ServerName+" KILL "+params[1]+" :Invalid client introduction (Invalid TS?)");
+ return true;
+ }
+ else if (params[1].length() > NICKMAX)
+ {
+ this->WriteLine(std::string(":")+this->Instance->Config->ServerName+" KILL "+params[1]+" :Invalid client introduction ("+params[1]+" > NICKMAX?)");
+ return true;
+ }
+ else if (params[2].length() > 64)
+ {
+ this->WriteLine(std::string(":")+this->Instance->Config->ServerName+" KILL "+params[1]+" :Invalid client introduction ("+params[2]+" > 64?)");
+ return true;
+ }
+ else if (params[3].length() > 64)
+ {
+ this->WriteLine(std::string(":")+this->Instance->Config->ServerName+" KILL "+params[1]+" :Invalid client introduction ("+params[3]+" > 64?)");
+ return true;
+ }
+ else if (params[4].length() > IDENTMAX)
+ {
+ this->WriteLine(std::string(":")+this->Instance->Config->ServerName+" KILL "+params[1]+" :Invalid client introduction ("+params[4]+" > IDENTMAX?)");
+ return true;
+ }
+ else if (params[7].length() > MAXGECOS)
+ {
+ this->WriteLine(std::string(":")+this->Instance->Config->ServerName+" KILL "+params[1]+" :Invalid client introduction ("+params[7]+" > MAXGECOS?)");
+ return true;
+ }
+
+ /** Our client looks ok, lets introduce it now
+ */
+ Instance->Log(DEBUG,"New remote client %s",tempnick);
 user_hash::iterator iter = this->Instance->clientlist->find(tempnick);
 if (iter != this->Instance->clientlist->end())
 {
- // nick collision
+ /* nick collision */
 this->WriteLine(std::string(":")+this->Instance->Config->ServerName+" KILL "+tempnick+" :Nickname collision");
 userrec::QuitUser(this->Instance, iter->second, "Nickname collision");
 return true;
@@ -886,9 +921,7 @@ bool TreeSocket::IntroduceClient(const std::string &source, std::deque<std::stri
 _new->registered = REG_ALL;
 _new->signon = age;
- /*
- * we need to remove the + from the modestring, so we can do our stuff
- */
+ /* we need to remove the + from the modestring, so we can do our stuff */
 std::string::size_type pos_after_plus = params[5].find_first_not_of('+');
 if (pos_after_plus != std::string::npos)
 params[5] = params[5].substr(pos_after_plus); |
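Review bot: The merged `if (params.size() != 8)` branch at the top of the first hunk now builds its KILL line from `params[1]` even when fewer than two parameters arrived, which is an out-of-range read on the `std::deque`; the removed code returned silently for `size() < 8` and only sent the KILL for `size() > 8`. Because this path exists to reject malformed introductions from a linked server that skipped CAPAB, the write should be guarded, e.g. `if (params.size() > 1) this->WriteLine(...);` before the `return true;`. The new length checks also leave `params[5]` (modes) and `params[6]` (ip) unbounded, and each KILL reason echoes the over-long field back in full, so the outgoing line can itself exceed sane limits; a fixed reason string per check would avoid that. IntroduceClient's body continues past the end of the hunk.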