From feed224b3e95ae3ce7b0832f214b1401e75d4419 Mon Sep 17 00:00:00 2001
From: pk910 <philipp@zoelle1.de>
Date: Tue, 26 Jul 2011 12:59:20 +0200
Subject: [PATCH] really check if PASS was sent on Server handshake

---
 Uplink/Uplink.class.php | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/Uplink/Uplink.class.php b/Uplink/Uplink.class.php
index 4891df2..6908ab7 100644
--- a/Uplink/Uplink.class.php
+++ b/Uplink/Uplink.class.php
@@ -68,6 +68,7 @@ class Uplink {
 	const FLAG_NOT_CONNECTABLE = 0x0004; //remote server is not connectable
 	const FLAG_BURST_PENDING   = 0x0008; //we still have to burst
 	const FLAG_CONNECTED       = 0x0010; //connected and synced (ready)
+	const FLAG_GOT_PASS        = 0x0020; //got PASS from the remote Server
 	private $flags = 0;
 	
 	public function __construct() {
@@ -242,7 +243,9 @@ class Uplink {
 				$this->flags |= self::FLAG_SECURITY_QUIT;
 				$this->send("ERROR", "Incorrect password received.");
 				$this->client->disconnect();
+				return;
 			}
+			$this->flags |= self::FLAG_GOT_PASS;
 		}
 	}
 	
@@ -262,6 +265,12 @@ class Uplink {
 				$this->client->disconnect();
 				return;
 			}
+			if($this->getSetting("their_password") && !($this->flags & self::FLAG_GOT_PASS)) {
+				$this->flags |= self::FLAG_SECURITY_QUIT;
+				$this->send("ERROR", "PASS missing.");
+				$this->client->disconnect();
+				return;
+			}
 			$new_server = new P10_Server($args[0], substr($args[5],0,2), $this->server, $args[2], $args[3], $args[7]);
 			$this->server->addServer($new_server);
 			$this->flags |= self::FLAG_P10SESSION | self::FLAG_BURST_PENDING;
@@ -322,7 +331,7 @@ class Uplink {
 	}
 	
 	private function recv_end_of_burst_ack($from, $args) {
-		$this->flags |= FLAG_CONNECTED;
+		$this->flags |= self::FLAG_CONNECTED;
 	}
 	
 	private function recv_server_quit($from, $args) {
-- 
2.20.1