1
0
mirror of https://github.com/anope/anope.git synced 2026-07-06 22:43:12 +02:00

Fix a privilege escalation exploit on InspIRCd with m_autoop.

This commit is contained in:
Peter Powell
2016-02-10 08:35:34 +00:00
parent dd9fcca45d
commit 9c17c2d818
+17
View File
@@ -77,6 +77,21 @@ class InspIRCd20Proto : public IRCDProto
bool IsIdentValid(const Anope::string &ident) anope_override { return insp12->IsIdentValid(ident); }
};
class InspIRCdAutoOpMode : public ChannelModeList
{
public:
InspIRCdAutoOpMode(char mode) : ChannelModeList("AUTOOP", mode)
{
}
bool IsValid(Anope::string &mask) const anope_override
{
// We can not validate this because we don't know about the
// privileges of the setter so just reject attempts to set it.
return false;
}
};
class InspIRCdExtBan : public ChannelModeVirtual<ChannelModeList>
{
char ext;
@@ -395,6 +410,8 @@ struct IRCDMessageCapab : Message::Capab
}
else if (modename.equals_cs("auditorium"))
cm = new ChannelMode("AUDITORIUM", modechar[0]);
else if (modename.equals_cs("autoop"))
cm = new InspIRCdAutoOpMode(modechar[0]);
else if (modename.equals_cs("ban"))
cm = new ChannelModeList("BAN", modechar[0]);
else if (modename.equals_cs("banexception"))