Reject broad silences to make it harder to deduce someone's IP.

git-svn-id: file:///home/klmitch/undernet-ircu/undernet-ircu-svn/ircu2/branches/u2_10_12_branch@1625 c9e4aea6-c8fd-4c43-8297-357d70d61c8c

diff --git a/ChangeLog b/ChangeLog
index 77ef30380c2034cb82690ee2cd2cf3371db27b74..e1ad25fbffbc73dd41d4120647da25e8533e965d 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2006-02-22  Michael Poole <mdpoole@troilus.org>
+
+       * ircd/m_silence.c (apply_silence): Refuse to apply silences for
+       local users that are broader than an IPv4 /16 or an IPv6 /32,
+       unless they match every host indiscriminately.
+
 2006-02-22  Michael Poole <mdpoole@troilus.org>
 
        * ircd/s_auth.c (check_auth_finished): Give non-iauth clients

diff --git a/ircd/m_silence.c b/ircd/m_silence.c
index 97069d4d9552de5ec0360873ee48e63bd5abd0fd..4530d6bcb7d84c96e983c7768fe0f29fb745b71b 100644 (file)
--- a/ircd/m_silence.c
+++ b/ircd/m_silence.c
@@ -64,6 +64,7 @@ apply_silence(struct Client *sptr, char *mask)
 {
   struct Ban *sile;
   int flags;
+  char orig_mask[NICKLEN+USERLEN+HOSTLEN+3];
 
   assert(mask && mask[0]);
 
@@ -83,9 +84,22 @@ apply_silence(struct Client *sptr, char *mask)
     mask++;
   }
 
-  /* Make the silence, set flags, and apply it. */
+  /* Make the silence and set additional flags. */
+  ircd_strncpy(orig_mask, mask, sizeof(orig_mask) - 1);
   sile = make_ban(pretty_mask(mask));
   sile->flags |= flags;
+
+  /* If they're a local user trying to ban too broad a mask, forbid it. */
+  if (MyUser(sptr)
+      && (sile->flags & BAN_IPMASK)
+      && sile->addrbits > 0
+      && sile->addrbits < (irc_in_addr_is_ipv4(&sile->address) ? 112 : 32)) {
+    send_reply(sptr, ERR_MASKTOOWIDE, orig_mask);
+    free_ban(sile);
+    return NULL;
+  }
+
+  /* Apply it to the silence list. */
   return apply_ban(&cli_user(sptr)->silence, sile, 1) ? NULL : sile;
 }