From 3cf993500544c2157992650da2487bfa89be405d Mon Sep 17 00:00:00 2001 From: Daniel De Graaf Date: Fri, 2 Apr 2010 10:39:15 -0500 Subject: Use FindNickOnly in a few commands to prevent enumerating users via UID walking --- src/commands/cmd_invite.cpp | 7 ++++++- src/commands/cmd_ison.cpp | 4 ++-- src/commands/cmd_kick.cpp | 7 ++++++- src/commands/cmd_userhost.cpp | 2 +- src/modules/m_dccallow.cpp | 2 +- src/modules/m_sslinfo.cpp | 2 +- 6 files changed, 17 insertions(+), 7 deletions(-) diff --git a/src/commands/cmd_invite.cpp b/src/commands/cmd_invite.cpp index 8b2fcfa93..438aa37d0 100644 --- a/src/commands/cmd_invite.cpp +++ b/src/commands/cmd_invite.cpp @@ -41,7 +41,12 @@ CmdResult CommandInvite::Handle (const std::vector& parameters, Use if (parameters.size() == 2 || parameters.size() == 3) { - User* u = ServerInstance->FindNick(parameters[0]); + User* u; + if (IS_LOCAL(user)) + u = ServerInstance->FindNickOnly(parameters[0]); + else + u = ServerInstance->FindNick(parameters[0]); + Channel* c = ServerInstance->FindChan(parameters[1]); time_t timeout = 0; if (parameters.size() == 3) diff --git a/src/commands/cmd_ison.cpp b/src/commands/cmd_ison.cpp index 1d92ad3ca..f964c7442 100644 --- a/src/commands/cmd_ison.cpp +++ b/src/commands/cmd_ison.cpp @@ -54,7 +54,7 @@ CmdResult CommandIson::Handle (const std::vector& parameters, User for (unsigned int i = 0; i < parameters.size(); i++) { - u = ServerInstance->FindNick(parameters[i]); + u = ServerInstance->FindNickOnly(parameters[i]); if (ison_already.find(u) != ison_already.end()) continue; @@ -79,7 +79,7 @@ CmdResult CommandIson::Handle (const std::vector& parameters, User while (list.GetToken(item)) { - u = ServerInstance->FindNick(item); + u = ServerInstance->FindNickOnly(item); if (ison_already.find(u) != ison_already.end()) continue; diff --git a/src/commands/cmd_kick.cpp b/src/commands/cmd_kick.cpp index 39e2c4433..ab346d395 100644 --- a/src/commands/cmd_kick.cpp +++ b/src/commands/cmd_kick.cpp @@ -40,11 +40,16 @@ CmdResult CommandKick::Handle (const std::vector& parameters, User { std::string reason; Channel* c = ServerInstance->FindChan(parameters[0]); - User* u = ServerInstance->FindNick(parameters[1]); + User* u; if (ServerInstance->Parser->LoopCall(user, this, parameters, 1)) return CMD_SUCCESS; + if (IS_LOCAL(user)) + u = ServerInstance->FindNickOnly(parameters[1]); + else + u = ServerInstance->FindNick(parameters[1]); + if (!u || !c) { user->WriteServ( "401 %s %s :No such nick/channel", user->nick.c_str(), u ? parameters[0].c_str() : parameters[1].c_str()); diff --git a/src/commands/cmd_userhost.cpp b/src/commands/cmd_userhost.cpp index 102bb3d84..126b49ee4 100644 --- a/src/commands/cmd_userhost.cpp +++ b/src/commands/cmd_userhost.cpp @@ -50,7 +50,7 @@ CmdResult CommandUserhost::Handle (const std::vector& parameters, U for (unsigned int i = 0; i < parameters.size(); i++) { - User *u = ServerInstance->FindNick(parameters[i]); + User *u = ServerInstance->FindNickOnly(parameters[i]); if ((u) && (u->registered == REG_ALL)) { diff --git a/src/modules/m_dccallow.cpp b/src/modules/m_dccallow.cpp index 68090a8c3..5995c1b28 100644 --- a/src/modules/m_dccallow.cpp +++ b/src/modules/m_dccallow.cpp @@ -88,7 +88,7 @@ class CommandDccallow : public Command } std::string nick = parameters[0].substr(1); - User *target = ServerInstance->FindNick(nick); + User *target = ServerInstance->FindNickOnly(nick); if (target) { diff --git a/src/modules/m_sslinfo.cpp b/src/modules/m_sslinfo.cpp index 3bc94bbaa..e27161dac 100644 --- a/src/modules/m_sslinfo.cpp +++ b/src/modules/m_sslinfo.cpp @@ -83,7 +83,7 @@ class CommandSSLInfo : public Command CmdResult Handle (const std::vector ¶meters, User *user) { - User* target = ServerInstance->FindNick(parameters[0]); + User* target = ServerInstance->FindNickOnly(parameters[0]); if (!target) { -- cgit v1.2.3