X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;ds=inline;f=src%2Fmodules%2Fm_websocket.cpp;h=1b6aa7b8f03dc9ef8517863452b91ceeb0ff9ad0;hb=c7b938502295ddc5b2c89e0854d8c5c19ede32dc;hp=ee1c00e97fe7b0bfd7473efb9687a686eded5b64;hpb=afb5972ab54d64f8c4e7b09962fb2088e427920b;p=user%2Fhenk%2Fcode%2Finspircd.git

diff --git a/src/modules/m_websocket.cpp b/src/modules/m_websocket.cpp
index ee1c00e97..1b6aa7b8f 100644
--- a/src/modules/m_websocket.cpp
+++ b/src/modules/m_websocket.cpp
@@ -1,7 +1,9 @@
 /*
  * InspIRCd -- Internet Relay Chat Daemon
  *
- *   Copyright (C) 2016 Attila Molnar <attilamolnar@hush.com>
+ *   Copyright (C) 2019 iwalkalone <iwalkalone69@gmail.com>
+ *   Copyright (C) 2017-2021 Sadie Powell <sadie@witchery.services>
+ *   Copyright (C) 2016-2017 Attila Molnar <attilamolnar@hush.com>
  *
  * This file is part of InspIRCd.  InspIRCd is free software: you can
  * redistribute it and/or modify it under the terms of the GNU General Public
@@ -23,9 +25,8 @@
 #include "iohook.h"
 #include "modules/hash.h"
 
-#include <utf8.h>
-
-typedef std::vector<std::string> OriginList;
+#define UTF_CPP_CPLUSPLUS 199711L
+#include <unchecked.h>
 
 static const char MagicGUID[] = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11";
 static const char whitespace[] = " \t\r\n";
@@ -33,6 +34,7 @@ static dynamic_reference_nocheck<HashProvider>* sha1;
 
 struct WebSocketConfig
 {
+	typedef std::vector<std::string> OriginList;
 	typedef std::vector<std::string> ProxyRanges;
 
 	// The HTTP origins that can connect to the server.
@@ -329,7 +331,7 @@ class WebSocketHook : public IOHookMiddle
 		if (originheader.Find(recvq, "Origin:", 7, reqend))
 		{
 			const std::string origin = originheader.ExtractValue(recvq);
-			for (OriginList::const_iterator iter = config.allowedorigins.begin(); iter != config.allowedorigins.end(); ++iter)
+			for (WebSocketConfig::OriginList::const_iterator iter = config.allowedorigins.begin(); iter != config.allowedorigins.end(); ++iter)
 			{
 				if (InspIRCd::Match(origin, *iter, ascii_case_insensitive_map))
 				{
@@ -338,6 +340,11 @@ class WebSocketHook : public IOHookMiddle
 				}
 			}
 		}
+		else
+		{
+			FailHandshake(sock, "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n", "WebSocket: Received HTTP request that did not send the Origin header");
+			return -1;
+		}
 
 		if (!allowedorigin)
 		{
@@ -364,11 +371,15 @@ class WebSocketHook : public IOHookMiddle
 
 			for (WebSocketConfig::ProxyRanges::const_iterator iter = config.proxyranges.begin(); iter != config.proxyranges.end(); ++iter)
 			{
-				if (InspIRCd::MatchCIDR(*iter, luser->GetIPString(), ascii_case_insensitive_map))
+				if (InspIRCd::MatchCIDR(luser->GetIPString(), *iter, ascii_case_insensitive_map))
 				{
 					// Give the user their real IP address.
-					if (realsa == luser->client_sa)
+					if (realsa != luser->client_sa)
 						luser->SetClientIP(realsa);
+
+					// Error if changing their IP gets them banned.
+					if (luser->quitting)
+						return -1;
 					break;
 				}
 			}
@@ -434,7 +445,7 @@ class WebSocketHook : public IOHookMiddle
 					{
 						// If we send messages as text then we need to ensure they are valid UTF-8.
 						std::string encoded;
-						utf8::replace_invalid(message.begin(), message.end(), std::back_inserter(encoded));
+						utf8::unchecked::replace_invalid(message.begin(), message.end(), std::back_inserter(encoded));
 
 						mysendq.push_back(PrepareSendQElem(encoded.length(), OP_TEXT));
 						mysendq.push_back(encoded);
@@ -549,7 +560,7 @@ class ModuleWebSocket : public Module
 
 	Version GetVersion() CXX11_OVERRIDE
 	{
-		return Version("Provides RFC 6455 WebSocket support", VF_VENDOR);
+		return Version("Allows WebSocket clients to connect to the IRC server.", VF_VENDOR);
 	}
 };