]> git.netwichtig.de Git - user/henk/code/inspircd.git/blobdiff - src/modules/m_spanningtree.cpp
projects / user / henk / code / inspircd.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Allowed capab unencrypted in an encrypted connection
[user/henk/code/inspircd.git] / src / modules / m_spanningtree.cpp
diff --git a/src/modules/m_spanningtree.cpp b/src/modules/m_spanningtree.cpp
index 604c081d8f6421dd4c3fdbad791d5cae04236abc..57872b65d63e7a209678addd6aa35550ec357963 100644 (file)
--- a/src/modules/m_spanningtree.cpp
+++ b/src/modules/m_spanningtree.cpp
@@ -1230,8 +1230,8 @@ class TreeSocket : public InspSocket
                                        char out[1024];
                                        char result[1024];
                                        log(DEBUG,"Original string '%s'",ret.c_str());
-                                       /* ERROR is still allowed unencryped */
-                                       if (ret.substr(0,7) != "ERROR :")
+                                       /* ERROR + CAPAB is still allowed unencryped */
+                                       if ((ret.substr(0,7) != "ERROR :") && (ret.substr(0,6) != "CAPAB "))
                                        {
                                                int nbytes = from64tobits(out, ret.c_str(), 1024);
                                                log(DEBUG,"m_spanningtree: decrypt %d bytes",nbytes);
@@ -1256,8 +1256,8 @@ class TreeSocket : public InspSocket
                if (this->ctx)
                {
                        log(DEBUG,"AES context");
-                       char result[1024];
-                       char result64[1024];
+                       char result[10240];
+                       char result64[10240];
                        if (this->keylength)
                        {
                                while (line.length() % this->keylength != 0)
@@ -1266,10 +1266,13 @@ class TreeSocket : public InspSocket
                                        line = line + "\7";
                                }
                        }
-                       ctx->Encrypt(line.c_str(), result, line.length(),0);
+                       unsigned int ll = line.length();
+                       log(DEBUG,"Plaintext line with padding = %d chars",ll);
+                       ctx->Encrypt(line.c_str(), result, ll, 0);
+                       log(DEBUG,"Encrypted.");
                        to64frombits((unsigned char*)result64,
                                        (unsigned char*)result,
-                                       line.length());
+                                       ll);
                        line = result64;
                        log(DEBUG,"Encrypted: %s",line.c_str());
                        //int from64tobits(char *out, const char *in, int maxlen);
@@ -2635,8 +2638,12 @@ class ModuleSpanningTree : public Module
                return false;
        }
 
-       virtual int OnPreCommand(std::string command, char **parameters, int pcnt, userrec *user)
+       virtual int OnPreCommand(std::string command, char **parameters, int pcnt, userrec *user, bool validated)
        {
+               /* If the command doesnt appear to be valid, we dont want to mess with it. */
+               if (!validated)
+                       return 0;
+
                if (command == "CONNECT")
                {
                        return this->HandleConnect(parameters,pcnt,user);