+2006-02-22 Michael Poole <mdpoole@troilus.org>
+
+ * ircd/m_silence.c (apply_silence): Refuse to apply silences for
+ local users that are broader than an IPv4 /16 or an IPv6 /32,
+ unless they match every host indiscriminately.
+
2006-02-22 Michael Poole <mdpoole@troilus.org>
* ircd/s_auth.c (check_auth_finished): Give non-iauth clients
{
struct Ban *sile;
int flags;
+ char orig_mask[NICKLEN+USERLEN+HOSTLEN+3];
assert(mask && mask[0]);
mask++;
}
- /* Make the silence, set flags, and apply it. */
+ /* Make the silence and set additional flags. */
+ ircd_strncpy(orig_mask, mask, sizeof(orig_mask) - 1);
sile = make_ban(pretty_mask(mask));
sile->flags |= flags;
+
+ /* If they're a local user trying to ban too broad a mask, forbid it. */
+ if (MyUser(sptr)
+ && (sile->flags & BAN_IPMASK)
+ && sile->addrbits > 0
+ && sile->addrbits < (irc_in_addr_is_ipv4(&sile->address) ? 112 : 32)) {
+ send_reply(sptr, ERR_MASKTOOWIDE, orig_mask);
+ free_ban(sile);
+ return NULL;
+ }
+
+ /* Apply it to the silence list. */
return apply_ban(&cli_user(sptr)->silence, sile, 1) ? NULL : sile;
}