diff options
author | brain <brain@e03df62e-2008-0410-955e-edbf42e46eb7> | 2007-08-29 20:31:52 +0000 |
---|---|---|
committer | brain <brain@e03df62e-2008-0410-955e-edbf42e46eb7> | 2007-08-29 20:31:52 +0000 |
commit | fb29f9c44acc0fc621194c33951a8135752708d6 (patch) | |
tree | 0d8207cad62a0d0ccbaa5f422f0f0efa95e23f50 | |
parent | 73b31091934b7174e02a5ec7b2975a32e351a43c (diff) |
Make IsSID completely strict: Must be [digit][A-Zdigit][A-Zdigit], nothing else.
Use it to sanity check SID given on link
git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@7993 e03df62e-2008-0410-955e-edbf42e46eb7
-rw-r--r-- | src/modules/m_spanningtree/treesocket2.cpp | 17 | ||||
-rw-r--r-- | src/modules/m_spanningtree/utils.cpp | 6 |
2 files changed, 21 insertions, 2 deletions
diff --git a/src/modules/m_spanningtree/treesocket2.cpp b/src/modules/m_spanningtree/treesocket2.cpp index dedf76786..ff5e7b203 100644 --- a/src/modules/m_spanningtree/treesocket2.cpp +++ b/src/modules/m_spanningtree/treesocket2.cpp @@ -815,6 +815,11 @@ bool TreeSocket::RemoteServer(const std::string &prefix, std::deque<std::string> this->SendError("Protocol error - Introduced remote server from unknown server "+prefix); return false; } + if (!Utils->IsSID(sid)) + { + this->SendError("Invalid format server ID: "+sid+"!"); + return false; + } TreeServer* CheckDupe = Utils->FindServer(servername); if (CheckDupe) { @@ -889,6 +894,12 @@ bool TreeSocket::Outbound_Reply_Server(std::deque<std::string> ¶ms) return false; } + if (!Utils->IsSID(sid)) + { + this->SendError("Invalid format server ID: "+sid+"!"); + return false; + } + for (std::vector<Link>::iterator x = Utils->LinkBlocks.begin(); x < Utils->LinkBlocks.end(); x++) { if ((x->Name == servername) && ((ComparePass(this->MakePass(x->RecvPass,this->GetOurChallenge()),password)) || (x->RecvPass == password && (this->GetTheirChallenge().empty())))) @@ -960,6 +971,12 @@ bool TreeSocket::Inbound_Server(std::deque<std::string> ¶ms) return false; } + if (!Utils->IsSID(sid)) + { + this->SendError("Invalid format server ID: "+sid+"!"); + return false; + } + for (std::vector<Link>::iterator x = Utils->LinkBlocks.begin(); x < Utils->LinkBlocks.end(); x++) { if ((x->Name == servername) && ((ComparePass(this->MakePass(x->RecvPass,this->GetOurChallenge()),password) || x->RecvPass == password && (this->GetTheirChallenge().empty())))) diff --git a/src/modules/m_spanningtree/utils.cpp b/src/modules/m_spanningtree/utils.cpp index 705566d44..0bf8dd994 100644 --- a/src/modules/m_spanningtree/utils.cpp +++ b/src/modules/m_spanningtree/utils.cpp @@ -32,9 +32,11 @@ bool SpanningTreeUtilities::IsSID(const std::string &str) { /* Returns true if the string given is exactly 3 characters long, - * starts with a digit, and has no '.' in the other 2 + * starts with a digit, and the other two characters are A-Z or digits */ - return ((str.length() == 3) && isdigit(str[0]) && (str[1] != '.' && str[2] != '.')); + return ((str.length() == 3) && isdigit(str[0]) && + ((str[1] >= 'A' && str[1] <= 'Z') || isdigit(str[1])) && + ((str[2] >= 'A' && str[2] <= 'Z') || isdigit(str[2]))); } /** Yay for fast searches! |