summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorbrain <brain@e03df62e-2008-0410-955e-edbf42e46eb7>2007-08-29 20:31:52 +0000
committerbrain <brain@e03df62e-2008-0410-955e-edbf42e46eb7>2007-08-29 20:31:52 +0000
commitfb29f9c44acc0fc621194c33951a8135752708d6 (patch)
tree0d8207cad62a0d0ccbaa5f422f0f0efa95e23f50
parent73b31091934b7174e02a5ec7b2975a32e351a43c (diff)
Make IsSID completely strict: Must be [digit][A-Zdigit][A-Zdigit], nothing else.
Use it to sanity check SID given on link git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@7993 e03df62e-2008-0410-955e-edbf42e46eb7
-rw-r--r--src/modules/m_spanningtree/treesocket2.cpp17
-rw-r--r--src/modules/m_spanningtree/utils.cpp6
2 files changed, 21 insertions, 2 deletions
diff --git a/src/modules/m_spanningtree/treesocket2.cpp b/src/modules/m_spanningtree/treesocket2.cpp
index dedf76786..ff5e7b203 100644
--- a/src/modules/m_spanningtree/treesocket2.cpp
+++ b/src/modules/m_spanningtree/treesocket2.cpp
@@ -815,6 +815,11 @@ bool TreeSocket::RemoteServer(const std::string &prefix, std::deque<std::string>
this->SendError("Protocol error - Introduced remote server from unknown server "+prefix);
return false;
}
+ if (!Utils->IsSID(sid))
+ {
+ this->SendError("Invalid format server ID: "+sid+"!");
+ return false;
+ }
TreeServer* CheckDupe = Utils->FindServer(servername);
if (CheckDupe)
{
@@ -889,6 +894,12 @@ bool TreeSocket::Outbound_Reply_Server(std::deque<std::string> &params)
return false;
}
+ if (!Utils->IsSID(sid))
+ {
+ this->SendError("Invalid format server ID: "+sid+"!");
+ return false;
+ }
+
for (std::vector<Link>::iterator x = Utils->LinkBlocks.begin(); x < Utils->LinkBlocks.end(); x++)
{
if ((x->Name == servername) && ((ComparePass(this->MakePass(x->RecvPass,this->GetOurChallenge()),password)) || (x->RecvPass == password && (this->GetTheirChallenge().empty()))))
@@ -960,6 +971,12 @@ bool TreeSocket::Inbound_Server(std::deque<std::string> &params)
return false;
}
+ if (!Utils->IsSID(sid))
+ {
+ this->SendError("Invalid format server ID: "+sid+"!");
+ return false;
+ }
+
for (std::vector<Link>::iterator x = Utils->LinkBlocks.begin(); x < Utils->LinkBlocks.end(); x++)
{
if ((x->Name == servername) && ((ComparePass(this->MakePass(x->RecvPass,this->GetOurChallenge()),password) || x->RecvPass == password && (this->GetTheirChallenge().empty()))))
diff --git a/src/modules/m_spanningtree/utils.cpp b/src/modules/m_spanningtree/utils.cpp
index 705566d44..0bf8dd994 100644
--- a/src/modules/m_spanningtree/utils.cpp
+++ b/src/modules/m_spanningtree/utils.cpp
@@ -32,9 +32,11 @@
bool SpanningTreeUtilities::IsSID(const std::string &str)
{
/* Returns true if the string given is exactly 3 characters long,
- * starts with a digit, and has no '.' in the other 2
+ * starts with a digit, and the other two characters are A-Z or digits
*/
- return ((str.length() == 3) && isdigit(str[0]) && (str[1] != '.' && str[2] != '.'));
+ return ((str.length() == 3) && isdigit(str[0]) &&
+ ((str[1] >= 'A' && str[1] <= 'Z') || isdigit(str[1])) &&
+ ((str[2] >= 'A' && str[2] <= 'Z') || isdigit(str[2])));
}
/** Yay for fast searches!