src/common.h (user_matches_glob): Convert last argument to be flags.
src/tools.c (user_matches_glob): Reorder tests to properly implement
the MATCH_VISIBLE flag.
src/chanserv.c: Update callers of user_matches_glob() to set
the MATCH_VISIBLE flag (in addition to MATCH_USENICK).
src/opserv.c: Update callers of user_matches_glob() to pass the
MATCH_USENICK flag.
git-archimport-id: srvx@srvx.net--2005-srvx/srvx--devo--1.3--patch-32
# arch-tag: automatic-ChangeLog--srvx@srvx.net--2005-srvx/srvx--devo--1.3
#
+2005-11-01 00:37:44 GMT Michael Poole <mdpoole@troilus.org> patch-32
+
+ Summary:
+ Avoid leaking information through ChanServ's ban matching.
+ Revision:
+ srvx--devo--1.3--patch-32
+
+ src/common.h (user_matches_glob): Convert last argument to be flags.
+
+ src/tools.c (user_matches_glob): Reorder tests to properly implement
+ the MATCH_VISIBLE flag.
+
+ src/chanserv.c: Update callers of user_matches_glob() to set
+ the MATCH_VISIBLE flag (in addition to MATCH_USENICK).
+
+ src/opserv.c: Update callers of user_matches_glob() to pass the
+ MATCH_USENICK flag.
+
+ modified files:
+ ChangeLog src/chanserv.c src/common.h src/opserv.c src/tools.c
+
+
2005-11-01 00:23:14 GMT Michael Poole <mdpoole@troilus.org> patch-31
Summary:
if(IsService(mn->user))
continue;
- if(!user_matches_glob(mn->user, ban, 1))
+ if(!user_matches_glob(mn->user, ban, MATCH_USENICK | MATCH_VISIBLE))
continue;
if(protect_user(mn->user, user, channel->channel_info))
{
for(ii = count = 0; ii < bans->used; ++ii)
{
- match[ii] = user_matches_glob(actee, bans->list[ii]->ban, 1);
+ match[ii] = user_matches_glob(actee, bans->list[ii]->ban,
+ MATCH_USENICK | MATCH_VISIBLE);
if(match[ii])
count++;
}
while(ban)
{
if(actee)
- for( ; ban && !user_matches_glob(actee, ban->mask, 1);
+ for( ; ban && !user_matches_glob(actee, ban->mask,
+ MATCH_USENICK | MATCH_VISIBLE);
ban = ban->next);
else
for( ; ban && !match_ircglobs(mask, ban->mask);
unsigned int ii;
for(ii = 0; ii < channel->banlist.used; ii++)
{
- if(user_matches_glob(user, channel->banlist.list[ii]->ban, 1))
+ if(user_matches_glob(user, channel->banlist.list[ii]->ban, MATCH_USENICK | MATCH_VISIBLE))
{
/* Riding a netburst. Naughty. */
KickChannelUser(user, channel, chanserv, "User from far side of netsplit should have been banned - bye.");
{
/* Not joining through a ban. */
for(bData = cData->bans;
- bData && !user_matches_glob(user, bData->mask, 1);
- bData = bData->next);
+ bData && !user_matches_glob(user, bData->mask, MATCH_USENICK | MATCH_VISIBLE);
+ bData = bData->next);
if(bData)
{
|| IsSuspended(channel->channel_info))
continue;
for(jj = 0; jj < channel->banlist.used; ++jj)
- if(user_matches_glob(user, channel->banlist.list[jj]->ban, 1))
+ if(user_matches_glob(user, channel->banlist.list[jj]->ban, MATCH_USENICK | MATCH_VISIBLE))
break;
if(jj < channel->banlist.used)
continue;
for(ban = channel->channel_info->bans; ban; ban = ban->next)
{
char kick_reason[MAXLEN];
- if(!user_matches_glob(user, ban->mask, 1))
+ if(!user_matches_glob(user, ban->mask, MATCH_USENICK | MATCH_VISIBLE))
continue;
change.args[0].mode = MODE_BAN;
change.args[0].u.hostmask = ban->mask;
continue;
/* Look for a matching ban already on the channel. */
for(jj = 0; jj < channel->banlist.used; ++jj)
- if(user_matches_glob(user, channel->banlist.list[jj]->ban, 1))
+ if(user_matches_glob(user, channel->banlist.list[jj]->ban, MATCH_USENICK | MATCH_VISIBLE))
break;
/* Need not act if we found one. */
if(jj < channel->banlist.used)
/* Look for a matching ban in this channel. */
for(bData = channel->channel_info->bans; bData; bData = bData->next)
{
- if(!user_matches_glob(user, bData->mask, 1))
+ if(!user_matches_glob(user, bData->mask, MATCH_USENICK | MATCH_VISIBLE))
continue;
change.args[0].u.hostmask = bData->mask;
mod_chanmode_announce(chanserv, channel, &change);
#define match_ircglobs !mmatch
int mmatch(const char *glob, const char *newglob);
int match_ircglob(const char *text, const char *glob);
-int user_matches_glob(struct userNode *user, const char *glob, int include_nick);
+#define MATCH_USENICK 1
+#define MATCH_VISIBLE 2
+int user_matches_glob(struct userNode *user, const char *glob, int flags);
int is_ircmask(const char *text);
int is_gline(const char *text);
/* Gag them if appropriate. */
for (gag = gagList; gag; gag = gag->next) {
- if (user_matches_glob(user, gag->mask, 1)) {
+ if (user_matches_glob(user, gag->mask, MATCH_USENICK)) {
gag_helper_func(user, NULL);
break;
}
/* Gag them if appropriate (and only if). */
user->modes &= ~FLAGS_GAGGED;
for (gag = gagList; gag; gag = gag->next) {
- if (user_matches_glob(user, gag->mask, 1)) {
+ if (user_matches_glob(user, gag->mask, MATCH_USENICK)) {
gag_helper_func(user, NULL);
break;
}
extern const char *hidden_host_suffix;
int
-user_matches_glob(struct userNode *user, const char *orig_glob, int include_nick)
+user_matches_glob(struct userNode *user, const char *orig_glob, int flags)
{
char *glob, *marker;
glob = alloca(strlen(orig_glob)+1);
strcpy(glob, orig_glob);
/* Check the nick, if it's present */
- if (include_nick) {
+ if (flags & MATCH_USENICK) {
if (!(marker = strchr(glob, '!'))) {
- log_module(MAIN_LOG, LOG_ERROR, "user_matches_glob(\"%s\", \"%s\", %d) called, and glob doesn't include a '!'", user->nick, orig_glob, include_nick);
+ log_module(MAIN_LOG, LOG_ERROR, "user_matches_glob(\"%s\", \"%s\", %d) called, and glob doesn't include a '!'", user->nick, orig_glob, flags);
return 0;
}
*marker = 0;
}
/* Check the ident */
if (!(marker = strchr(glob, '@'))) {
- log_module(MAIN_LOG, LOG_ERROR, "user_matches_glob(\"%s\", \"%s\", %d) called, and glob doesn't include an '@'", user->nick, orig_glob, include_nick);
+ log_module(MAIN_LOG, LOG_ERROR, "user_matches_glob(\"%s\", \"%s\", %d) called, and glob doesn't include an '@'", user->nick, orig_glob, flags);
return 0;
}
*marker = 0;
if (!match_ircglob(user->ident, glob))
return 0;
glob = marker + 1;
- /* If it might be an IP glob, test that. */
- if (!glob[strspn(glob, "0123456789./*?")]
- && match_ircglob(irc_ntoa(&user->ip), glob))
- return 1;
/* Check for a fakehost match. */
if (IsFakeHost(user) && match_ircglob(user->fakehost, glob))
return 1;
if (match_ircglob(hidden_host, glob))
return 1;
}
+ /* If only matching the visible hostnames, bail early. */
+ if ((flags & MATCH_VISIBLE) && (IsFakeHost(user) || IsHiddenHost(user)))
+ return 0;
+ /* If it might be an IP glob, test that. */
+ if (!glob[strspn(glob, "0123456789./*?")]
+ && match_ircglob(irc_ntoa(&user->ip), glob))
+ return 1;
/* None of the above; could only be a hostname match. */
return match_ircglob(user->hostname, glob);
}