mirror of
https://github.com/unrealircd/unrealircd.git
synced 2026-07-10 13:23:13 +02:00
Fix "ban too broad" checking. Reported by Gottem in #4961.
* The 'ban too broad' checking was broken. This permitted glines such
as 192.168.0.0/1 being set. Now it rejects CIDR of /15 and lower.
To disable this safety measure you can (still) use:
set { options { allow-insane-bans; }; };
This commit is contained in:
@@ -18,6 +18,10 @@ Major issues fixed:
|
||||
Minor issues fixed:
|
||||
* Prevent /OPER for oper blocks with non-existant operclass
|
||||
* Bump MAXCONNECTIONS for Windows, allowing you to hold more clients.
|
||||
* The 'ban too broad' checking was broken. This permitted glines such
|
||||
as 192.168.0.0/1 being set. Now it rejects CIDR of /15 and lower.
|
||||
To disable this safety measure you can (still) use:
|
||||
set { options { allow-insane-bans; }; };
|
||||
|
||||
Other changes:
|
||||
* The websocket module now no longer sends \r\n in the websocket
|
||||
|
||||
+14
-10
@@ -379,15 +379,8 @@ int ban_too_broad(char *usermask, char *hostmask)
|
||||
/* Allow things like clone@*, dsfsf@*, etc.. */
|
||||
if (!strchr(usermask, '*') && !strchr(usermask, '?'))
|
||||
return 0;
|
||||
|
||||
/* STEP 1: Must at least contain 4 non-wildcard/non-dot characters */
|
||||
for (p = hostmask; *p; p++)
|
||||
if (*p != '*' && *p != '.' && *p != '?')
|
||||
cnt++;
|
||||
|
||||
if (cnt >= 4)
|
||||
return 0;
|
||||
|
||||
/* If it's a CIDR, then check /mask first.. */
|
||||
p = strchr(hostmask, '/');
|
||||
if (p)
|
||||
{
|
||||
@@ -395,13 +388,24 @@ int ban_too_broad(char *usermask, char *hostmask)
|
||||
if (strchr(hostmask, ':'))
|
||||
{
|
||||
if (cidrlen < 48)
|
||||
return 0; /* too broad IPv6 CIDR mask */
|
||||
return 1; /* too broad IPv6 CIDR mask */
|
||||
} else {
|
||||
if (cidrlen < 16)
|
||||
return 0; /* too broad IPv4 CIDR mask */
|
||||
return 1; /* too broad IPv4 CIDR mask */
|
||||
}
|
||||
}
|
||||
|
||||
/* Must at least contain 4 non-wildcard/non-dot characters.
|
||||
* This will deal with non-CIDR and hosts, but any correct
|
||||
* CIDR mask will also pass this test (which is fine).
|
||||
*/
|
||||
for (p = hostmask; *p; p++)
|
||||
if (*p != '*' && *p != '.' && *p != '?')
|
||||
cnt++;
|
||||
|
||||
if (cnt >= 4)
|
||||
return 0;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user