improve nick and channel length validation

irc/client_lookup_set.go

@@ -115,11 +115,12 @@ func (clients *ClientManager) Resume(oldClient *Client, session *Session) (err e
 
 // SetNick sets a client's nickname, validating it against nicknames in use
 func (clients *ClientManager) SetNick(client *Client, session *Session, newNick string) (setNick string, err error) {
+	config := client.server.Config()
 	newcfnick, err := CasefoldName(newNick)
 	if err != nil {
 		return "", errNicknameInvalid
 	}
-	if len(newcfnick) > client.server.Config().Limits.NickLen {
+	if len(newNick) > config.Limits.NickLen || len(newcfnick) > config.Limits.NickLen {
 		return "", errNicknameInvalid
 	}
 	newSkeleton, err := Skeleton(newNick)
@@ -132,7 +133,6 @@ func (clients *ClientManager) SetNick(client *Client, session *Session, newNick
 	}
 
 	reservedAccount, method := client.server.accounts.EnforcementStatus(newcfnick, newSkeleton)
-	config := client.server.Config()
 	client.stateMutex.RLock()
 	account := client.account
 	accountName := client.accountName

irc/config.go

@@ -28,6 +28,7 @@ import (
 	"github.com/oragono/oragono/irc/ldap"
 	"github.com/oragono/oragono/irc/logger"
 	"github.com/oragono/oragono/irc/modes"
+	"github.com/oragono/oragono/irc/mysql"
 	"github.com/oragono/oragono/irc/passwd"
 	"github.com/oragono/oragono/irc/utils"
 	"gopkg.in/yaml.v2"
@@ -817,6 +818,11 @@ func LoadConfig(filename string) (config *Config, err error) {
 	if config.Limits.RegistrationMessages == 0 {
 		config.Limits.RegistrationMessages = 1024
 	}
+	if config.Datastore.MySQL.Enabled {
+		if config.Limits.NickLen > mysql.MaxTargetLength || config.Limits.ChannelLen > mysql.MaxTargetLength {
+			return nil, fmt.Errorf("to use MySQL, nick and channel length limits must be %d or lower", mysql.MaxTargetLength)
+		}
+	}
 
 	config.Server.supportedCaps = caps.NewCompleteSet()
 	config.Server.capValues = make(caps.Values)

irc/mysql/history.go

@@ -15,6 +15,10 @@ import (
 )
 
 const (
+	// maximum length in bytes of any message target (nickname or channel name) in its
+	// canonicalized (i.e., casefolded) state:
+	MaxTargetLength = 64
+
 	// latest schema of the db
 	latestDbSchema   = "1"
 	keySchemaVersion = "db.version"
@@ -120,27 +124,27 @@ func (mysql *MySQL) createTables() (err error) {
 		return err
 	}
 
-	_, err = mysql.db.Exec(`CREATE TABLE sequence (
+	_, err = mysql.db.Exec(fmt.Sprintf(`CREATE TABLE sequence (
 		id BIGINT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
-		target VARBINARY(64) NOT NULL,
+		target VARBINARY(%[1]d) NOT NULL,
 		nanotime BIGINT UNSIGNED NOT NULL,
 		history_id BIGINT NOT NULL,
 		KEY (target, nanotime),
 		KEY (history_id)
-	) CHARSET=ascii COLLATE=ascii_bin;`)
+	) CHARSET=ascii COLLATE=ascii_bin;`, MaxTargetLength))
 	if err != nil {
 		return err
 	}
 
-	_, err = mysql.db.Exec(`CREATE TABLE conversations (
+	_, err = mysql.db.Exec(fmt.Sprintf(`CREATE TABLE conversations (
 		id BIGINT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
-		lower_target VARBINARY(64) NOT NULL,
-		upper_target VARBINARY(64) NOT NULL,
+		lower_target VARBINARY(%[1]d) NOT NULL,
+		upper_target VARBINARY(%[1]d) NOT NULL,
 		nanotime BIGINT UNSIGNED NOT NULL,
 		history_id BIGINT NOT NULL,
 		KEY (lower_target, upper_target, nanotime),
 		KEY (history_id)
-	) CHARSET=ascii COLLATE=ascii_bin;`)
+	) CHARSET=ascii COLLATE=ascii_bin;`, MaxTargetLength))
 	if err != nil {
 		return err
 	}