From 8f915e5ddbab4e36bb08f9f9d726e953db1f601f Mon Sep 17 00:00:00 2001 From: Daniel De Graaf Date: Sun, 11 Apr 2010 16:38:03 -0500 Subject: Prevent using invalid UIDs and enforce UID/SID matching --- src/modules/m_spanningtree/uid.cpp | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'src/modules') diff --git a/src/modules/m_spanningtree/uid.cpp b/src/modules/m_spanningtree/uid.cpp index 118bdc500..b2f296e7b 100644 --- a/src/modules/m_spanningtree/uid.cpp +++ b/src/modules/m_spanningtree/uid.cpp @@ -39,6 +39,9 @@ CmdResult CommandUID::Handle(const parameterlist ¶ms, User* serversrc) if (!remoteserver) return CMD_INVALID; + /* Is this a valid UID, and not misrouted? */ + if (params[0].length() != 9 || params[0].substr(0,3) != serversrc->uuid) + return CMD_INVALID; /* Check parameters for validity before introducing the client, discovered by dmb */ if (!age_t) return CMD_INVALID; @@ -61,7 +64,11 @@ CmdResult CommandUID::Handle(const parameterlist ¶ms, User* serversrc) if (collide != 1) { - /* remote client changed, make sure we change their nick for the hash too */ + /* remote client lost, make sure we change their nick for the hash too + * + * This alters the line that will be sent to other servers, which + * commands normally shouldn't do; hence the required const_cast. + */ const_cast(params)[2] = params[0]; } } @@ -97,9 +104,6 @@ CmdResult CommandUID::Handle(const parameterlist ¶ms, User* serversrc) unsigned int paramptr = 9; for (std::string::iterator v = modestr.begin(); v != modestr.end(); v++) { - if (*v == '+') - continue; - /* For each mode thats set, increase counter */ ModeHandler* mh = ServerInstance->Modes->FindMode(*v, MODETYPE_USER); -- cgit v1.2.3