From f4755fe58761fa269f76cbfbe6fd5fa007ba703b Mon Sep 17 00:00:00 2001 From: Bram Matthys Date: Wed, 29 Mar 2023 16:34:36 +0200 Subject: [PATCH] Do some sanity checks on flood profile names max length 24, and every character is a-z, 0-9, -, _ --- src/modules/chanmodes/floodprot.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/src/modules/chanmodes/floodprot.c b/src/modules/chanmodes/floodprot.c index 7abde120b..8e7c70b6d 100644 --- a/src/modules/chanmodes/floodprot.c +++ b/src/modules/chanmodes/floodprot.c @@ -440,6 +440,18 @@ int floodprot_config_run_set_block(ConfigFile *cf, ConfigEntry *ce, int type) return 1; } +/** Check if 'str' is a flood profile name + */ +int valid_flood_profile_name(const char *str) +{ + if (strlen(str) > 24) + return 0; + for (; *str; str++) + if (!islower(*str) && !isdigit(*str) && !strchr("_-", *str)) + return 0; + return 1; +} + int floodprot_config_test_antiflood_block(ConfigFile *cf, ConfigEntry *ce, int type, int *errs) { int errors = 0; @@ -466,6 +478,14 @@ int floodprot_config_test_antiflood_block(ConfigFile *cf, ConfigEntry *ce, int t errors++; continue; } + if (!valid_flood_profile_name(ce->value)) + { + config_error("%s:%i: set::anti-flood::channel: profile '%s' name is invalid. " + "Name can be 24 characters max and may only contain characters a-z, 0-9, _ and -", + cep->file->filename, cep->line_number, ce->value); + errors++; + continue; + } for (cep = ce->items; cep; cep = cep->next) { if (!strcmp(cep->name, "flood-mode"))