From 2054f42afc803494b08cbb7b645a4bbfe4ed330a Mon Sep 17 00:00:00 2001
From: special
Date: Thu, 22 Jun 2006 13:32:52 +0000
Subject: Forward port of server link DDoS/oper flood fix

git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@4045 e03df62e-2008-0410-955e-edbf42e46eb7
---
 src/modules/m_spanningtree.cpp | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
(limited to 'src/modules')
diff --git a/src/modules/m_spanningtree.cpp b/src/modules/m_spanningtree.cpp
index f5f0861ff..18f92c025 100644
--- a/src/modules/m_spanningtree.cpp
+++ b/src/modules/m_spanningtree.cpp
@@ -2700,6 +2700,26 @@ class TreeSocket : public InspSocket
 virtual int OnIncomingConnection(int newsock, char* ip)
 {
+ /* To prevent anyone from attempting to flood opers/DDoS by connecting to the server port,
+ * or discovering if this port is the server port, we don't allow connections from any
+ * IPs for which we don't have a link block.
+ */
+ bool found = false;
+ vector::iterator i;
+ for (i = LinkBlocks.begin(); i != LinkBlocks.end(); i++)
+ {
+ if (i->IPAddr == ip)
+ {
+ found = true;
+ break;
+ }
+ }
+ if (!found)
+ {
+ WriteOpers("Server connection from %s denied (no link blocks with that IP address)", ip);
+ close(newsock);
+ return false;
+ }
 TreeSocket* s = new TreeSocket(newsock, ip);
 Srv->AddSocket(s);
 return true;
--
cgit v1.2.3
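Review bot: The `if (!found)` branch still calls `WriteOpers` once per refused connection, so unless `WriteOpers` is rate-limited elsewhere, a host with no link block can keep generating oper notices just by reconnecting. That is the oper flood the added comment says this check prevents. Throttling the notice, as sketched below, keeps a denial visible to opers without letting the connection rate drive the notice rate. Separately, `i->IPAddr == ip` is an exact comparison, so it presumably matches only link blocks whose address is stored as a literal IP in the same textual form the socket layer reports; this is worth confirming for blocks configured by hostname. The closing brace of OnIncomingConnection lies outside the hunk.

```cpp
	if (!found)
	{
		/* Announce at most one denial per interval, so refused
		 * connections cannot be used to flood opers with notices.
		 */
		static time_t last_denial_notice = 0;
		const time_t notice_interval = 60; /* seconds; tune as needed */
		time_t now = time(NULL);
		if (now - last_denial_notice >= notice_interval)
		{
			last_denial_notice = now;
			WriteOpers("Server connection from %s denied (no link blocks with that IP address)", ip);
		}
		/* … unchanged: close(newsock) and return false … */
```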