]> git.netwichtig.de Git - user/henk/code/inspircd.git/blobdiff - src/modules/m_cgiirc.cpp
projects / user / henk / code / inspircd.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Don't use hosts more than 64 characters long from CGI:IRC
[user/henk/code/inspircd.git] / src / modules / m_cgiirc.cpp
diff --git a/src/modules/m_cgiirc.cpp b/src/modules/m_cgiirc.cpp
index 996ba7199a17ca4204fa7dcb1b613fb496edb9c4..27309e677b51372e45e8e5448f086a159d7d3430 100644 (file)
--- a/src/modules/m_cgiirc.cpp
+++ b/src/modules/m_cgiirc.cpp
@@ -117,11 +117,10 @@ class CGIResolver : public Resolver
                        if (notify)
                                ServerInstance->SNO->WriteGlobalSno('a', "Connecting user %s detected as using CGI:IRC (%s), changing real host to %s from %s", them->nick.c_str(), them->host.c_str(), result.c_str(), typ.c_str());
 
-                       them->host.assign(result,0, 64);
-                       them->dhost.assign(result, 0, 64);
-                       if (querytype)
-                               them->SetClientIP(result.c_str());
-                       them->ident.assign("~cgiirc", 0, 8);
+                       if (result.length() > 64)
+                               return;
+                       them->host = result;
+                       them->dhost = result;
                        them->InvalidateCache();
                        them->CheckLines(true);
                }
@@ -257,12 +256,11 @@ public:
        {
                std::string *webirc_hostname = cmd.webirc_hostname.get(user);
                std::string *webirc_ip = cmd.webirc_ip.get(user);
-               if (webirc_hostname)
+               if (webirc_hostname && webirc_hostname->length() < 64)
                {
-                       user->host.assign(*webirc_hostname, 0, 64);
-                       user->dhost.assign(*webirc_hostname, 0, 64);
+                       user->host = *webirc_hostname;
+                       user->dhost = *webirc_hostname;
                        user->InvalidateCache();
-                       cmd.webirc_hostname.unset(user);
                }
                if (webirc_ip)
                {
@@ -276,6 +274,7 @@ public:
                        user->CheckClass();
                        user->CheckLines(true);
                }
+               cmd.webirc_hostname.unset(user);
        }
 
        bool CheckPass(LocalUser* user)
@@ -284,39 +283,28 @@ public:
                {
                        cmd.realhost.set(user, user->host);
                        cmd.realip.set(user, user->GetIPString());
-                       user->host.assign(user->password, 0, 64);
-                       user->dhost.assign(user->password, 0, 64);
+                       user->host = user->password;
+                       user->dhost = user->password;
                        user->InvalidateCache();
 
-                       bool valid = false;
                        ServerInstance->Users->RemoveCloneCounts(user);
-                       valid = user->SetClientIP(user->password.c_str());
+                       user->SetClientIP(user->password.c_str());
                        ServerInstance->Users->AddLocalClone(user);
                        ServerInstance->Users->AddGlobalClone(user);
                        user->SetClass();
                        user->CheckClass();
 
-                       if (valid)
+                       try
                        {
-                               /* We were given a IP in the password, we don't do DNS so they get this is as their host as well. */
-                               if(NotifyOpers)
-                                       ServerInstance->SNO->WriteGlobalSno('a', "Connecting user %s detected as using CGI:IRC (%s), changing real host to %s from PASS", user->nick.c_str(), user->host.c_str(), user->password.c_str());
+
+                               bool cached;
+                               CGIResolver* r = new CGIResolver(this, NotifyOpers, user->password, false, user, user->GetFd(), "PASS", cached);
+                               ServerInstance->AddResolver(r, cached);
                        }
-                       else
+                       catch (...)
                        {
-                               /* We got as resolved hostname in the password. */
-                               try
-                               {
-
-                                       bool cached;
-                                       CGIResolver* r = new CGIResolver(this, NotifyOpers, user->password, false, user, user->GetFd(), "PASS", cached);
-                                       ServerInstance->AddResolver(r, cached);
-                               }
-                               catch (...)
-                               {
-                                       if (NotifyOpers)
-                                               ServerInstance->SNO->WriteToSnoMask('a', "Connecting user %s detected as using CGI:IRC (%s), but I could not resolve their hostname!", user->nick.c_str(), user->host.c_str());
-                               }
+                               if (NotifyOpers)
+                                       ServerInstance->SNO->WriteToSnoMask('a', "Connecting user %s detected as using CGI:IRC (%s), but I could not resolve their hostname!", user->nick.c_str(), user->host.c_str());
                        }
 
                        user->password.clear();
@@ -377,7 +365,7 @@ public:
 
        bool IsValidHost(const std::string &host)
        {
-               if(!host.size())
+               if(!host.size() || host.size() > 64)
                        return false;
 
                for(unsigned int i = 0; i < host.size(); i++)