diff options
| -rw-r--r-- | src/modules/m_spanningtree/treesocket2.cpp | 17 | ||||
| -rw-r--r-- | src/modules/m_spanningtree/utils.cpp | 6 |
2 files changed, 21 insertions, 2 deletions
diff --git a/src/modules/m_spanningtree/treesocket2.cpp b/src/modules/m_spanningtree/treesocket2.cpp index dedf76786..ff5e7b203 100644 --- a/src/modules/m_spanningtree/treesocket2.cpp +++ b/src/modules/m_spanningtree/treesocket2.cpp @@ -815,6 +815,11 @@ bool TreeSocket::RemoteServer(const std::string &prefix, std::deque<std::string> this->SendError("Protocol error - Introduced remote server from unknown server "+prefix); return false; } + if (!Utils->IsSID(sid)) + { + this->SendError("Invalid format server ID: "+sid+"!"); + return false; + } TreeServer* CheckDupe = Utils->FindServer(servername); if (CheckDupe) { @@ -889,6 +894,12 @@ bool TreeSocket::Outbound_Reply_Server(std::deque<std::string> ¶ms) return false; } + if (!Utils->IsSID(sid)) + { + this->SendError("Invalid format server ID: "+sid+"!"); + return false; + } + for (std::vector<Link>::iterator x = Utils->LinkBlocks.begin(); x < Utils->LinkBlocks.end(); x++) { if ((x->Name == servername) && ((ComparePass(this->MakePass(x->RecvPass,this->GetOurChallenge()),password)) || (x->RecvPass == password && (this->GetTheirChallenge().empty())))) @@ -960,6 +971,12 @@ bool TreeSocket::Inbound_Server(std::deque<std::string> ¶ms) return false; } + if (!Utils->IsSID(sid)) + { + this->SendError("Invalid format server ID: "+sid+"!"); + return false; + } + for (std::vector<Link>::iterator x = Utils->LinkBlocks.begin(); x < Utils->LinkBlocks.end(); x++) { if ((x->Name == servername) && ((ComparePass(this->MakePass(x->RecvPass,this->GetOurChallenge()),password) || x->RecvPass == password && (this->GetTheirChallenge().empty())))) diff --git a/src/modules/m_spanningtree/utils.cpp b/src/modules/m_spanningtree/utils.cpp index 705566d44..0bf8dd994 100644 --- a/src/modules/m_spanningtree/utils.cpp +++ b/src/modules/m_spanningtree/utils.cpp @@ -32,9 +32,11 @@ bool SpanningTreeUtilities::IsSID(const std::string &str) { /* Returns true if the string given is exactly 3 characters long, - * starts with a digit, and has no '.' in the other 2 + * starts with a digit, and the other two characters are A-Z or digits */ - return ((str.length() == 3) && isdigit(str[0]) && (str[1] != '.' && str[2] != '.')); + return ((str.length() == 3) && isdigit(str[0]) && + ((str[1] >= 'A' && str[1] <= 'Z') || isdigit(str[1])) && + ((str[2] >= 'A' && str[2] <= 'Z') || isdigit(str[2]))); } /** Yay for fast searches! |