- for (OriginList::const_iterator iter = config.allowedorigins.begin(); iter != config.allowedorigins.end(); ++iter)
+ for (WebSocketConfig::OriginList::const_iterator iter = config.allowedorigins.begin(); iter != config.allowedorigins.end(); ++iter)
{
if (InspIRCd::Match(origin, *iter, ascii_case_insensitive_map))
{
{
if (InspIRCd::Match(origin, *iter, ascii_case_insensitive_map))
{
@@ -338,6+340,11 @@ class WebSocketHook : public IOHookMiddle
}
}
}
}
}
}
+ else
+ {
+ FailHandshake(sock, "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "WebSocket: Received HTTP request that did not send the Origin header");
+ return -1;
+ }
if (!allowedorigin)
{
if (!allowedorigin)
{
@@ -364,11+371,15 @@ class WebSocketHook : public IOHookMiddle
for (WebSocketConfig::ProxyRanges::const_iterator iter = config.proxyranges.begin(); iter != config.proxyranges.end(); ++iter)
{
for (WebSocketConfig::ProxyRanges::const_iterator iter = config.proxyranges.begin(); iter != config.proxyranges.end(); ++iter)
{
- if (InspIRCd::MatchCIDR(*iter, luser->GetIPString(), ascii_case_insensitive_map))
+ if (InspIRCd::MatchCIDR(luser->GetIPString(), *iter, ascii_case_insensitive_map))
{
// Give the user their real IP address.
{
// Give the user their real IP address.
- if (realsa == luser->client_sa)
+ if (realsa != luser->client_sa)
luser->SetClientIP(realsa);
luser->SetClientIP(realsa);
+
+ // Error if changing their IP gets them banned.
+ if (luser->quitting)
+ return -1;
break;
}
}
break;
}
}
@@ -434,7+445,7 @@ class WebSocketHook : public IOHookMiddle
{
// If we send messages as text then we need to ensure they are valid UTF-8.
std::string encoded;
{
// If we send messages as text then we need to ensure they are valid UTF-8.