summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorDaniel De Graaf <danieldg@inspircd.org>2010-04-11 16:38:03 -0500
committerDaniel De Graaf <danieldg@inspircd.org>2010-04-11 16:51:52 -0500
commit8f915e5ddbab4e36bb08f9f9d726e953db1f601f (patch)
treed7d3fb5c8cc7d907766e77b36ac27b13c2d301e5 /src
parent7db569ca938458bf60cda2321a38249eb666f43a (diff)
Prevent using invalid UIDs and enforce UID/SID matching
Diffstat (limited to 'src')
-rw-r--r--src/modules/m_spanningtree/uid.cpp12
1 files changed, 8 insertions, 4 deletions
diff --git a/src/modules/m_spanningtree/uid.cpp b/src/modules/m_spanningtree/uid.cpp
index 118bdc500..b2f296e7b 100644
--- a/src/modules/m_spanningtree/uid.cpp
+++ b/src/modules/m_spanningtree/uid.cpp
@@ -39,6 +39,9 @@ CmdResult CommandUID::Handle(const parameterlist &params, User* serversrc)
if (!remoteserver)
return CMD_INVALID;
+ /* Is this a valid UID, and not misrouted? */
+ if (params[0].length() != 9 || params[0].substr(0,3) != serversrc->uuid)
+ return CMD_INVALID;
/* Check parameters for validity before introducing the client, discovered by dmb */
if (!age_t)
return CMD_INVALID;
@@ -61,7 +64,11 @@ CmdResult CommandUID::Handle(const parameterlist &params, User* serversrc)
if (collide != 1)
{
- /* remote client changed, make sure we change their nick for the hash too */
+ /* remote client lost, make sure we change their nick for the hash too
+ *
+ * This alters the line that will be sent to other servers, which
+ * commands normally shouldn't do; hence the required const_cast.
+ */
const_cast<parameterlist&>(params)[2] = params[0];
}
}
@@ -97,9 +104,6 @@ CmdResult CommandUID::Handle(const parameterlist &params, User* serversrc)
unsigned int paramptr = 9;
for (std::string::iterator v = modestr.begin(); v != modestr.end(); v++)
{
- if (*v == '+')
- continue;
-
/* For each mode thats set, increase counter */
ModeHandler* mh = ServerInstance->Modes->FindMode(*v, MODETYPE_USER);