From 0218d3290312c516b9b4bc72ae8778935e986300 Mon Sep 17 00:00:00 2001 From: Peter Powell Date: Fri, 10 Aug 2018 10:25:40 +0100 Subject: Fix sending malformed ERR_UNKNOWNCOMMAND messages in some cases. This is not something the average user will encounter. It can only happen if the user sends a message with preceding whitespace or a prefix but no command name. This is not something that should ever be seen in practise so we just penalise the user and pretend nothing ever happened. The previous code also contained undefined behaviour but it acted sensibly on all compilers we support so it was not crashable. --- src/command_parse.cpp | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/command_parse.cpp b/src/command_parse.cpp index 76dfc06ce..53f19437b 100644 --- a/src/command_parse.cpp +++ b/src/command_parse.cpp @@ -193,8 +193,12 @@ bool CommandParser::ProcessCommand(LocalUser *user, std::string &cmd) * the rfc says they shouldnt but also says the ircd should * discard it if they do. */ - if (command[0] == ':') - tokens.GetToken(command); + if ((command.empty() || command[0] == ':') && !tokens.GetToken(command)) + { + // Penalise the user to discourage them from spamming the server with trash. + user->CommandFloodPenalty += 2000; + return false; + } while (tokens.GetToken(token) && (command_p.size() <= MAXPARAMETERS)) command_p.push_back(token); -- cgit v1.2.3