	Better validate MODE +k & +l parameters and return errors
Implement new numeric ERR_INVALIDMODEPARAM_MSG(696) and: - Reject channel keys with spaces and return ERR_INVALIDMODEPARAM_MSG; This was possible until now and resulted in garbled IRC commands later. - Reject empty channel keys and return ERR_INVALIDMODEPARAM_MSG; This was possible until now and resulted in garbled IRC commands later. - Return ERR_INVALIDMODEPARAM_MSG when user limit is out of bounds; This was silently ignored until now. Closes #290. Thanks Val Lorentz for reporting it!
		| @@ -620,6 +620,18 @@ Channel_Mode(CLIENT *Client, REQUEST *Req, CLIENT *Origin, CHANNEL *Channel) | |||||||
| 						Client_ID(Origin), Req->command); | 						Client_ID(Origin), Req->command); | ||||||
| 				goto chan_exit; | 				goto chan_exit; | ||||||
| 			} | 			} | ||||||
|  | 			if (!Req->argv[arg_arg][0] || strchr(Req->argv[arg_arg], ' ')) { | ||||||
|  | 				if (is_machine) | ||||||
|  | 					Log(LOG_ERR, | ||||||
|  | 					    "Got invalid key on MODE +k for \"%s\" from \"%s\"! Ignored.", | ||||||
|  | 					    Channel_Name(Channel), Client_ID(Origin)); | ||||||
|  | 				else | ||||||
|  | 					connected = IRC_WriteErrClient(Origin, | ||||||
|  | 					       ERR_INVALIDMODEPARAM_MSG, | ||||||
|  | 						Client_ID(Origin), | ||||||
|  | 						Channel_Name(Channel), 'k'); | ||||||
|  | 				goto chan_exit; | ||||||
|  | 			} | ||||||
| 			if (is_oper || is_machine || is_owner || | 			if (is_oper || is_machine || is_owner || | ||||||
| 			    is_admin || is_op || is_halfop) { | 			    is_admin || is_op || is_halfop) { | ||||||
| 				Channel_ModeDel(Channel, 'k'); | 				Channel_ModeDel(Channel, 'k'); | ||||||
| @@ -660,15 +672,25 @@ Channel_Mode(CLIENT *Client, REQUEST *Req, CLIENT *Origin, CHANNEL *Channel) | |||||||
| 						Client_ID(Origin), Req->command); | 						Client_ID(Origin), Req->command); | ||||||
| 				goto chan_exit; | 				goto chan_exit; | ||||||
| 			} | 			} | ||||||
|  | 			l = atol(Req->argv[arg_arg]); | ||||||
|  | 			if (l <= 0 || l >= 0xFFFF) { | ||||||
|  | 				if (is_machine) | ||||||
|  | 					Log(LOG_ERR, | ||||||
|  | 					    "Got MODE +l with invalid limit for \"%s\" from \"%s\"! Ignored.", | ||||||
|  | 					    Channel_Name(Channel), Client_ID(Origin)); | ||||||
|  | 				else | ||||||
|  | 					connected = IRC_WriteErrClient(Origin, | ||||||
|  | 						ERR_INVALIDMODEPARAM_MSG, | ||||||
|  | 						Client_ID(Origin), | ||||||
|  | 						Channel_Name(Channel), 'l'); | ||||||
|  | 				goto chan_exit; | ||||||
|  | 			} | ||||||
| 			if (is_oper || is_machine || is_owner || | 			if (is_oper || is_machine || is_owner || | ||||||
| 			    is_admin || is_op || is_halfop) { | 			    is_admin || is_op || is_halfop) { | ||||||
| 				l = atol(Req->argv[arg_arg]); | 				Channel_ModeDel(Channel, 'l'); | ||||||
| 				if (l > 0 && l < 0xFFFF) { | 				Channel_SetMaxUsers(Channel, l); | ||||||
| 					Channel_ModeDel(Channel, 'l'); | 				snprintf(argadd, sizeof(argadd), "%ld", l); | ||||||
| 					Channel_SetMaxUsers(Channel, l); | 				x[0] = *mode_ptr; | ||||||
| 					snprintf(argadd, sizeof(argadd), "%ld", l); |  | ||||||
| 					x[0] = *mode_ptr; |  | ||||||
| 				} |  | ||||||
| 			} else { | 			} else { | ||||||
| 				connected = IRC_WriteErrClient(Origin, | 				connected = IRC_WriteErrClient(Origin, | ||||||
| 					ERR_CHANOPRIVSNEEDED_MSG, | 					ERR_CHANOPRIVSNEEDED_MSG, | ||||||
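Review bot: `atol()` on the added line `l = atol(Req->argv[arg_arg]);` stops at the first non-digit and has undefined behaviour when the value does not fit in a long, so a limit such as `10abc` still passes the new bounds check and is applied as 10. Since the commit sets out to reject bad +l parameters, parse with `strtol` and require the whole argument to be consumed: `l = strtol(Req->argv[arg_arg], &end, 10);` followed by `if (end == Req->argv[arg_arg] || *end != '\0' || l <= 0 || l >= 0xFFFF) {`, with a local `char *end;`. strtol clamps on overflow, so the existing range test then covers that case as well. Channel_Mode starts and ends outside both hunks, so where `end` should be declared is not visible here.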
|   | |||||||
| @@ -1,6 +1,6 @@ | |||||||
| /* | /* | ||||||
|  * ngIRCd -- The Next Generation IRC Daemon |  * ngIRCd -- The Next Generation IRC Daemon | ||||||
|  * Copyright (c)2001-2020 Alexander Barton (alex@barton.de) and Contributors. |  * Copyright (c)2001-2023 Alexander Barton (alex@barton.de) and Contributors. | ||||||
|  * |  * | ||||||
|  * This program is free software; you can redistribute it and/or modify |  * This program is free software; you can redistribute it and/or modify | ||||||
|  * it under the terms of the GNU General Public License as published by |  * it under the terms of the GNU General Public License as published by | ||||||
| @@ -162,6 +162,8 @@ | |||||||
| #define ERR_USERNOTONSERV_MSG		"504 %s %s :User is not on this server" | #define ERR_USERNOTONSERV_MSG		"504 %s %s :User is not on this server" | ||||||
| #define ERR_NOINVITE_MSG		"518 %s :Cannot invite to %s (+V)" | #define ERR_NOINVITE_MSG		"518 %s :Cannot invite to %s (+V)" | ||||||
|  |  | ||||||
|  | #define ERR_INVALIDMODEPARAM_MSG	"696 %s %s %c * :Invalid mode parameter" | ||||||
|  |  | ||||||
| #ifdef ZLIB | #ifdef ZLIB | ||||||
| # define RPL_STATSLINKINFOZIP_MSG	"211 %s %s %d %ld %ld/%ld %ld %ld/%ld :%ld" | # define RPL_STATSLINKINFOZIP_MSG	"211 %s %s %d %ld %ld/%ld %ld %ld/%ld :%ld" | ||||||
| #endif | #endif | ||||||
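Review bot: The literal `*` in ERR_INVALIDMODEPARAM_MSG stands where the rejected parameter would go, and nothing at the definition says why. A short comment would keep a later change from echoing the raw value, which for a key containing spaces would presumably garble the reply line itself: `/* 696 <client> <channel> <mode char> <param>; the rejected parameter is deliberately replaced by "*" */`. It is also worth noting there that the third argument is a `char` (`%c`), as both callers in Channel_Mode pass `'k'` and `'l'`.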
|   | |||||||
	 Alexander Barton
					Alexander Barton