From 25c1319e0d16f4cea707a3b7968b70530a5a333f Mon Sep 17 00:00:00 2001 From: Peter Powell Date: Mon, 27 Nov 2017 14:13:42 +0000 Subject: Add length checking to GetExtBanStatus and m_banexception. As far as I can tell this is not a problem as all ban masks are canonicalised but its better to be safe than sorry. --- src/channels.cpp | 2 +- src/modules/m_banexception.cpp | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/channels.cpp b/src/channels.cpp index 9f1eafd0c..df2212a21 100644 --- a/src/channels.cpp +++ b/src/channels.cpp @@ -476,7 +476,7 @@ ModResult Channel::GetExtBanStatus(User *user, char type) return rv; for (BanList::iterator i = this->bans.begin(); i != this->bans.end(); i++) { - if (i->data[0] == type && i->data[1] == ':') + if (i->data.length() > 2 && i->data[0] == type && i->data[1] == ':') { std::string val = i->data.substr(2); if (CheckBan(user, val)) diff --git a/src/modules/m_banexception.cpp b/src/modules/m_banexception.cpp index 1811f743d..7531c5c12 100644 --- a/src/modules/m_banexception.cpp +++ b/src/modules/m_banexception.cpp @@ -79,7 +79,7 @@ public: for (modelist::iterator it = list->begin(); it != list->end(); it++) { - if (it->mask[0] != type || it->mask[1] != ':') + if (it->mask.length() <= 2 || it->mask[0] != type || it->mask[1] != ':') continue; if (chan->CheckBan(user, it->mask.substr(2))) -- cgit v1.2.3