From d38a106879916fd07cf9b2e1cd95070bf6dfd270 Mon Sep 17 00:00:00 2001 From: Bram Matthys Date: Sun, 22 Feb 2026 12:35:07 +0100 Subject: [PATCH] Enforce MAXBANLEN (which is MODEBUFLEN) at some more places. This shouldn't be needed except for some corner cases, like if some third party module does not limit their stuff properly, in S2S or if channeldb contains some weird long entry or something. --- include/channel.h | 1 + src/channel.c | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/include/channel.h b/include/channel.h index 083cfd2e1..ee9585fdb 100644 --- a/include/channel.h +++ b/include/channel.h @@ -25,6 +25,7 @@ created or just tested for existance */ #define MODEBUFLEN 200 +#define MAXBANLEN 200 /* Maximum length of a complete ban */ #define ChannelExists(n) (find_channel(n)) diff --git a/src/channel.c b/src/channel.c index 16dd90d42..f35f737b2 100644 --- a/src/channel.c +++ b/src/channel.c @@ -877,7 +877,11 @@ const char *clean_ban_mask(const char *mask_in, int what, ExtbanType ban_type, C * allow it too (so you don't get "unremovable" extbans). */ if (!MyUser(client) || (what == MODE_DEL)) + { + if ((what == MODE_ADD) && (strlen(mask) > MAXBANLEN)) + mask[MAXBANLEN] = '\0'; return mask; /* allow it */ + } return NULL; /* reject */ } @@ -895,6 +899,8 @@ const char *clean_ban_mask(const char *mask_in, int what, ExtbanType ban_type, C ret = extban->conv_param(b, extban); ret = prefix_with_extban(ret, b, extban, retbuf, sizeof(retbuf)); safe_free(b); + if (ret && strlen(ret) > MAXBANLEN) + retbuf[MAXBANLEN] = '\0'; return ret; } /* else, do some basic sanity checks and cut it off at 80 bytes */