1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-10 13:23:13 +02:00

Fix "ban too broad" checking. Reported by Gottem in #4961.

* The 'ban too broad' checking was broken. This permitted glines such
  as 192.168.0.0/1 being set. Now it rejects CIDR of /15 and lower.
  To disable this safety measure you can (still) use:
  set { options { allow-insane-bans; }; };
This commit is contained in:
Bram Matthys
2017-08-10 08:30:54 +02:00
parent f5b29ed7de
commit 18202a0f73
2 changed files with 18 additions and 10 deletions
+4
View File
@@ -18,6 +18,10 @@ Major issues fixed:
Minor issues fixed:
* Prevent /OPER for oper blocks with non-existant operclass
* Bump MAXCONNECTIONS for Windows, allowing you to hold more clients.
* The 'ban too broad' checking was broken. This permitted glines such
as 192.168.0.0/1 being set. Now it rejects CIDR of /15 and lower.
To disable this safety measure you can (still) use:
set { options { allow-insane-bans; }; };
Other changes:
* The websocket module now no longer sends \r\n in the websocket
+14 -10
View File
@@ -379,15 +379,8 @@ int ban_too_broad(char *usermask, char *hostmask)
/* Allow things like clone@*, dsfsf@*, etc.. */
if (!strchr(usermask, '*') && !strchr(usermask, '?'))
return 0;
/* STEP 1: Must at least contain 4 non-wildcard/non-dot characters */
for (p = hostmask; *p; p++)
if (*p != '*' && *p != '.' && *p != '?')
cnt++;
if (cnt >= 4)
return 0;
/* If it's a CIDR, then check /mask first.. */
p = strchr(hostmask, '/');
if (p)
{
@@ -395,13 +388,24 @@ int ban_too_broad(char *usermask, char *hostmask)
if (strchr(hostmask, ':'))
{
if (cidrlen < 48)
return 0; /* too broad IPv6 CIDR mask */
return 1; /* too broad IPv6 CIDR mask */
} else {
if (cidrlen < 16)
return 0; /* too broad IPv4 CIDR mask */
return 1; /* too broad IPv4 CIDR mask */
}
}
/* Must at least contain 4 non-wildcard/non-dot characters.
* This will deal with non-CIDR and hosts, but any correct
* CIDR mask will also pass this test (which is fine).
*/
for (p = hostmask; *p; p++)
if (*p != '*' && *p != '.' && *p != '?')
cnt++;
if (cnt >= 4)
return 0;
return 1;
}