X-Git-Url: https://arthur.barton.de/cgi-bin/gitweb.cgi?a=blobdiff_plain;f=src%2Fngircd%2Fparse.c;h=72e3430998b301d4011b9b55175e1a91d41875a6;hb=d99edb7728e058a889e4734f8592f495effa5bc3;hp=3710d70c494d07972d3198245a00e0dd445bb719;hpb=6e8cf51bb216f956e7a6fdb5c61b0f2799bf8d2d;p=ngircd-alex.git diff --git a/src/ngircd/parse.c b/src/ngircd/parse.c index 3710d70c..72e34309 100644 --- a/src/ngircd/parse.c +++ b/src/ngircd/parse.c @@ -26,7 +26,6 @@ #include "ngircd.h" #include "defines.h" #include "conn-func.h" -#include "client.h" #include "channel.h" #include "log.h" #include "messages.h" @@ -48,6 +47,7 @@ #include "numeric.h" #include "exp.h" +#include "conf.h" struct _NUMERIC { int numeric; @@ -83,7 +83,7 @@ static COMMAND My_Commands[] = { "PART", IRC_PART, CLIENT_USER|CLIENT_SERVER, 0, 0, 0 }, { "PASS", IRC_PASS, 0xFFFF, 0, 0, 0 }, { "PING", IRC_PING, CLIENT_USER|CLIENT_SERVER, 0, 0, 0 }, - { "PONG", IRC_PONG, CLIENT_USER|CLIENT_SERVER, 0, 0, 0 }, + { "PONG", IRC_PONG, 0xFFFF, 0, 0, 0 }, { "PRIVMSG", IRC_PRIVMSG, CLIENT_USER|CLIENT_SERVER, 0, 0, 0 }, { "QUIT", IRC_QUIT, 0xFFFF, 0, 0, 0 }, { "REHASH", IRC_REHASH, CLIENT_USER, 0, 0, 0 }, @@ -109,6 +109,10 @@ static COMMAND My_Commands[] = { "WHOWAS", IRC_WHOWAS, CLIENT_USER|CLIENT_SERVER, 0, 0, 0 }, #ifdef IRCPLUS { "CHANINFO", IRC_CHANINFO, CLIENT_SERVER, 0, 0, 0 }, +#endif +#ifndef STRICT_RFC + { "GET", IRC_QUIT_HTTP, CLIENT_UNKNOWN, 0, 0, 0 }, + { "POST", IRC_QUIT_HTTP, CLIENT_UNKNOWN, 0, 0, 0 }, #endif { NULL, NULL, 0x0, 0, 0, 0 } /* Ende-Marke */ }; @@ -121,7 +125,7 @@ static bool Validate_Args PARAMS(( CONN_ID Idx, REQUEST *Req, bool *Closed )); static bool Handle_Request PARAMS(( CONN_ID Idx, REQUEST *Req )); -#define ARRAY_SIZE(x) (sizeof(x)/sizeof((x)[0])) +static bool ScrubCTCP PARAMS((char *Request)); /** * Return the pointer to the global "IRC command structure". @@ -173,15 +177,17 @@ Parse_Request( CONN_ID Idx, char *Request ) /* remove leading & trailing whitespace */ ngt_TrimStr( Request ); - if( Request[0] == ':' ) - { + if (Conf_ScrubCTCP && ScrubCTCP(Request)) + return true; + + if (Request[0] == ':') { /* Prefix */ req.prefix = Request + 1; ptr = strchr( Request, ' ' ); if( ! ptr ) { LogDebug("Connection %d: Parse error: prefix without command!?", Idx); - return Conn_WriteStr( Idx, "ERROR :Prefix without command!?" ); + return Conn_WriteStr(Idx, "ERROR :Prefix without command"); } *ptr = '\0'; #ifndef STRICT_RFC @@ -275,14 +281,29 @@ Validate_Prefix( CONN_ID Idx, REQUEST *Req, bool *Closed ) *Closed = false; - if( ! Req->prefix ) return true; - client = Conn_GetClient( Idx ); assert( client != NULL ); - /* only validate if this connection is already registered */ - if(( Client_Type( client ) != CLIENT_USER ) && ( Client_Type( client ) != CLIENT_SERVER ) && ( Client_Type( client ) != CLIENT_SERVICE )) + if (!Req->prefix && Client_Type(client) == CLIENT_SERVER + && !(Conn_Options(Idx) & CONN_RFC1459) + && strcasecmp(Req->command, "ERROR") != 0 + && strcasecmp(Req->command, "PING") != 0) { + Log(LOG_ERR, + "Received command without prefix (connection %d, command \"%s\")!?", + Idx, Req->command); + if (!Conn_WriteStr(Idx, "ERROR :Prefix missing")) + *Closed = true; + return false; + } + + if (!Req->prefix) + return true; + + /* only validate if this connection is already registered */ + if (Client_Type(client) != CLIENT_USER + && Client_Type(client) != CLIENT_SERVER + && Client_Type(client) != CLIENT_SERVICE) { /* not registered, ignore prefix */ Req->prefix = NULL; return true; @@ -290,19 +311,25 @@ Validate_Prefix( CONN_ID Idx, REQUEST *Req, bool *Closed ) /* check if client in prefix is known */ c = Client_Search( Req->prefix ); - if( ! c ) - { - Log( LOG_ERR, "Invalid prefix \"%s\", client not known (connection %d, command %s)!?", Req->prefix, Idx, Req->command ); - if( ! Conn_WriteStr( Idx, "ERROR :Invalid prefix \"%s\", client not known!?", Req->prefix )) *Closed = true; + if (!c) { + Log(LOG_ERR, + "Invalid prefix \"%s\", client not known (connection %d, command \"%s\")!?", + Req->prefix, Idx, Req->command); + if (!Conn_WriteStr(Idx, + "ERROR :Invalid prefix \"%s\", client not known", + Req->prefix)) + *Closed = true; return false; } /* check if the client named in the prefix is expected * to come from that direction */ - if( Client_NextHop( c ) != client ) - { - Log( LOG_ERR, "Spoofed prefix \"%s\" from \"%s\" (connection %d, command %s)!", Req->prefix, Client_Mask( Conn_GetClient( Idx )), Idx, Req->command ); - Conn_Close( Idx, NULL, "Spoofed prefix", true); + if (Client_NextHop(c) != client) { + Log(LOG_ERR, + "Spoofed prefix \"%s\" from \"%s\" (connection %d, command \"%s\")!", + Req->prefix, Client_Mask(Conn_GetClient(Idx)), Idx, + Req->command); + Conn_Close(Idx, NULL, "Spoofed prefix", true); *Closed = true; return false; } @@ -398,7 +425,7 @@ Handle_Numeric(CLIENT *client, REQUEST *Req) /* This server is the target of the numeric */ num = atoi(Req->command); - for (i = 0; i < (int) ARRAY_SIZE(Numerics); i++) { + for (i = 0; i < (int) C_ARRAY_SIZE(Numerics); i++) { if (num == Numerics[i].numeric) { if (!Numerics[i].function) return CONNECTED; @@ -437,7 +464,6 @@ Handle_Numeric(CLIENT *client, REQUEST *Req) return IRC_WriteStrClientPrefix(target, prefix, "%s", str); } - static bool Handle_Request( CONN_ID Idx, REQUEST *Req ) { @@ -503,4 +529,39 @@ Handle_Request( CONN_ID Idx, REQUEST *Req ) } /* Handle_Request */ +/** + * Check if incoming messages contains CTCP commands and should be dropped. + * + * @param Request NULL terminated incoming command. + * @returns true, when the message should be dropped. + */ +static bool +ScrubCTCP(char *Request) +{ + static const char me_cmd[] = "ACTION "; + static const char ctcp_char = 0x1; + bool dropCommand = false; + char *ptr = Request; + char *ptrEnd = strchr(Request, '\0'); + + if (Request[0] == ':' && ptrEnd > ptr) + ptr++; + + while (ptr != ptrEnd && *ptr != ':') + ptr++; + + if ((ptrEnd - ptr) > 1) { + ptr++; + if (*ptr == ctcp_char) { + dropCommand = true; + ptr++; + /* allow /me commands */ + if ((size_t)(ptrEnd - ptr) >= strlen(me_cmd) + && !strncmp(ptr, me_cmd, strlen(me_cmd))) + dropCommand = false; + } + } + return dropCommand; +} + /* -eof- */