From be7c44e61bdc795a72b4c7478ea302b791223927 Mon Sep 17 00:00:00 2001 From: Michael Poole Date: Mon, 2 Mar 2015 21:48:14 -0500 Subject: [PATCH] m_cap.c: Do not allow CAP ACK to set prohibited caps, or clear sticky ones. Thanks to Michael Wobst from the ircd-hybrid team for reporting this. --- ircd/m_cap.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/ircd/m_cap.c b/ircd/m_cap.c index 2443c42..a2cc799 100644 --- a/ircd/m_cap.c +++ b/ircd/m_cap.c @@ -260,10 +260,15 @@ cap_ack(struct Client *sptr, const char *caplist) (neg ? HasCap(sptr, cap->cap) : !HasCap(sptr, cap->cap))) /* uh... */ continue; - if (neg) /* set or clear the active capability... */ + if (neg) { /* set or clear the active capability... */ + if (cap->flags & CAPFL_STICKY) + continue; /* but don't clear sticky capabilities */ CapClr(cli_active(sptr), cap->cap); - else + } else { + if (cap->flags & CAPFL_PROHIBIT) + continue; /* and don't set prohibited ones */ CapSet(cli_active(sptr), cap->cap); + } } return 0; -- 2.20.1