From d8b9a1237511b9f8d071b327e80af7705cca754d Mon Sep 17 00:00:00 2001 From: Michael Poole Date: Wed, 22 Feb 2006 21:35:39 +0000 Subject: [PATCH] Reject broad silences to make it harder to deduce someone's IP. git-svn-id: file:///home/klmitch/undernet-ircu/undernet-ircu-svn/ircu2/branches/u2_10_12_branch@1625 c9e4aea6-c8fd-4c43-8297-357d70d61c8c --- ChangeLog | 6 ++++++ ircd/m_silence.c | 16 +++++++++++++++- 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 77ef303..e1ad25f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +2006-02-22 Michael Poole + + * ircd/m_silence.c (apply_silence): Refuse to apply silences for + local users that are broader than an IPv4 /16 or an IPv6 /32, + unless they match every host indiscriminately. + 2006-02-22 Michael Poole * ircd/s_auth.c (check_auth_finished): Give non-iauth clients diff --git a/ircd/m_silence.c b/ircd/m_silence.c index 97069d4..4530d6b 100644 --- a/ircd/m_silence.c +++ b/ircd/m_silence.c @@ -64,6 +64,7 @@ apply_silence(struct Client *sptr, char *mask) { struct Ban *sile; int flags; + char orig_mask[NICKLEN+USERLEN+HOSTLEN+3]; assert(mask && mask[0]); @@ -83,9 +84,22 @@ apply_silence(struct Client *sptr, char *mask) mask++; } - /* Make the silence, set flags, and apply it. */ + /* Make the silence and set additional flags. */ + ircd_strncpy(orig_mask, mask, sizeof(orig_mask) - 1); sile = make_ban(pretty_mask(mask)); sile->flags |= flags; + + /* If they're a local user trying to ban too broad a mask, forbid it. */ + if (MyUser(sptr) + && (sile->flags & BAN_IPMASK) + && sile->addrbits > 0 + && sile->addrbits < (irc_in_addr_is_ipv4(&sile->address) ? 112 : 32)) { + send_reply(sptr, ERR_MASKTOOWIDE, orig_mask); + free_ban(sile); + return NULL; + } + + /* Apply it to the silence list. */ return apply_ban(&cli_user(sptr)->silence, sile, 1) ? NULL : sile; } -- 2.20.1