From 2cbbc1ce84f5c4c3733c1c64d4f7f491f7aabbcd Mon Sep 17 00:00:00 2001 From: attilamolnar Date: Fri, 9 Nov 2012 03:20:46 +0100 Subject: m_spanningtree Refuse bogus NICK messages If the new nick looks like an uid verify that its the correct uid --- src/modules/m_spanningtree/treesocket2.cpp | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/modules/m_spanningtree/treesocket2.cpp b/src/modules/m_spanningtree/treesocket2.cpp index 67908c414..e93dece5f 100644 --- a/src/modules/m_spanningtree/treesocket2.cpp +++ b/src/modules/m_spanningtree/treesocket2.cpp @@ -394,7 +394,7 @@ void TreeSocket::ProcessConnectedLine(std::string& prefix, std::string& command, { if (params.size() != 2) { - SendError("Protocol violation: NICK message without TS - :"+who->uuid+" NICK "+params[0]); + SendError("Protocol violation: Wrong number of parameters for NICK message"); return; } @@ -404,6 +404,12 @@ void TreeSocket::ProcessConnectedLine(std::string& prefix, std::string& command, return; } + if ((isdigit(params[0][0])) && (params[0] != who->uuid)) + { + SendError("Protocol violation: User changing nick to an invalid UID - " + params[0]); + return; + } + /* Update timestamp on user when they change nicks */ who->age = atoi(params[1].c_str()); -- cgit v1.2.3