mirror
/
oragono
spogulis no https://github.com/oragono/oragono
Vērot 1
Pievienot zvaigznīti 0
Atdalīts 0
Kods Problēmas 0 Laidieni 67 Vikivietne Aktivitāte
Pārlūkot izejas kodu

fix #297 

add validation for isupport tokens
tags/v1.0.0-rc1
Shivaram Lingamneni 5 gadus atpakaļ
vecāks
b34bab16a7
revīzija
ba2aacaf5b
3 mainītis faili ar 57 papildinājumiem un 9 dzēšanām
Dalītais skats Rādīt salīdzināšanas statistiku
  1. 12
    3
      irc/isupport/list.go
  2. 35
    3
      irc/isupport/list_test.go
  3. 10
    3
      irc/server.go

+ 12
- 3
irc/isupport/list.go Parādīt failu 

@@ -3,8 +3,11 @@
3 3
4 4 
 package isupport
5 5
6 
-import "fmt"
7 
-import "sort"
6 
+import (
7 
+	"fmt"
8 
+	"sort"
9 
+	"strings"
10 
+)
8 11
9 12 
 const (
10 13 
 	maxLastArgLength = 400
 
@@ -102,7 +105,7 @@ func (il *List) GetDifference(newil *List) [][]string {
102 105 
 }
103 106
104 107 
 // RegenerateCachedReply regenerates the cached RPL_ISUPPORT reply
105 
-func (il *List) RegenerateCachedReply() {
108 
+func (il *List) RegenerateCachedReply() (err error) {
106 109 
 	il.CachedReply = make([][]string, 0)
107 110 
 	var length int     // Length of the current cache
108 111 
 	var cache []string // Token list cache
 
@@ -116,6 +119,10 @@ func (il *List) RegenerateCachedReply() {
116 119
117 120 
 	for _, name := range tokens {
118 121 
 		token := getTokenString(name, il.Tokens[name])
122 
+		if token[0] == ':' || strings.Contains(token, " ") {
123 
+			err = fmt.Errorf("bad isupport token (cannot contain spaces or start with :): %s", token)
124 
+			continue
125 
+		}
119 126
120 127 
 		if len(token)+length <= maxLastArgLength {
121 128 
 			// account for the space separating tokens
 
@@ -136,4 +143,6 @@ func (il *List) RegenerateCachedReply() {
136 143 
 	if len(cache) > 0 {
137 144 
 		il.CachedReply = append(il.CachedReply, cache)
138 145 
 	}
146 
+
147 
+	return
139 148 
 }

+ 35
- 3
irc/isupport/list_test.go Parādīt failu 

@@ -26,7 +26,10 @@ func TestISUPPORT(t *testing.T) {
26 26 
 	tListLong.AddNoValue("D")
27 27 
 	tListLong.AddNoValue("E")
28 28 
 	tListLong.AddNoValue("F")
29 
-	tListLong.RegenerateCachedReply()
29 
+	err := tListLong.RegenerateCachedReply()
30 
+	if err != nil {
31 
+		t.Error(err)
32 
+	}
30 33
31 34 
 	longReplies := [][]string{
32 35 
 		{"1", "2", "3", "4", "5", "6", "7", "8", "9", "A", "B", "C", "D"},
 
@@ -44,7 +47,10 @@ func TestISUPPORT(t *testing.T) {
44 47 
 	tList1.Add("INVEX", "i")
45 48 
 	tList1.AddNoValue("EXTBAN")
46 49 
 	tList1.Add("RANDKILL", "whenever")
47 
-	tList1.RegenerateCachedReply()
50 
+	err = tList1.RegenerateCachedReply()
51 
+	if err != nil {
52 
+		t.Error(err)
53 
+	}
48 54
49 55 
 	expected := [][]string{{"CASEMAPPING=rfc1459-strict", "EXTBAN", "INVEX=i", "RANDKILL=whenever", "SASL=yes"}}
50 56 
 	if !reflect.DeepEqual(tList1.CachedReply, expected) {
 
@@ -58,7 +64,10 @@ func TestISUPPORT(t *testing.T) {
58 64 
 	tList2.AddNoValue("INVEX")
59 65 
 	tList2.Add("EXTBAN", "TestBah")
60 66 
 	tList2.AddNoValue("STABLEKILL")
61 
-	tList2.RegenerateCachedReply()
67 
+	err = tList2.RegenerateCachedReply()
68 
+	if err != nil {
69 
+		t.Error(err)
70 
+	}
62 71
63 72 
 	expected = [][]string{{"CASEMAPPING=ascii", "EXTBAN=TestBah", "INVEX", "SASL=yes", "STABLEKILL"}}
64 73 
 	if !reflect.DeepEqual(tList2.CachedReply, expected) {
 
@@ -72,3 +81,26 @@ func TestISUPPORT(t *testing.T) {
72 81 
 		t.Error("difference reply does not match expected difference reply")
73 82 
 	}
74 83 
 }
84 
+
85 
+func TestBadToken(t *testing.T) {
86 
+	list := NewList()
87 
+	list.Add("NETWORK", "Bad Network Name")
88 
+	list.Add("SASL", "yes")
89 
+	list.Add("CASEMAPPING", "rfc1459-strict")
90 
+	list.Add("INVEX", "i")
91 
+	list.AddNoValue("EXTBAN")
92 
+
93 
+	err := list.RegenerateCachedReply()
94 
+	if err == nil {
95 
+		t.Error("isupport token generation should fail due to space in network name")
96 
+	}
97 
+
98 
+	// should produce a list containing the other, valid params
99 
+	numParams := 0
100 
+	for _, tokenLine := range list.CachedReply {
101 
+		numParams += len(tokenLine)
102 
+	}
103 
+	if numParams != 4 {
104 
+		t.Errorf("expected the other 4 params to be generated, got %v", list.CachedReply)
105 
+	}
106 
+}

+ 10
- 3
irc/server.go Parādīt failu 

@@ -147,7 +147,7 @@ func NewServer(config *Config, logger *logger.Manager) (*Server, error) {
147 147 
 }
148 148
149 149 
 // setISupport sets up our RPL_ISUPPORT reply.
150 
-func (server *Server) setISupport() {
150 
+func (server *Server) setISupport() (err error) {
151 151 
 	maxTargetsString := strconv.Itoa(maxTargets)
152 152
153 153 
 	config := server.Config()
 
@@ -192,11 +192,15 @@ func (server *Server) setISupport() {
192 192 
 		isupport.Add("REGCREDTYPES", "passphrase,certfp")
193 193 
 	}
194 194
195 
-	isupport.RegenerateCachedReply()
195 
+	err = isupport.RegenerateCachedReply()
196 
+	if err != nil {
197 
+		return
198 
+	}
196 199
197 200 
 	server.configurableStateMutex.Lock()
198 201 
 	server.isupport = isupport
199 202 
 	server.configurableStateMutex.Unlock()
203 
+	return
200 204 
 }
201 205
202 206 
 func loadChannelList(channel *Channel, list string, maskMode modes.Mode) {
 
@@ -787,7 +791,10 @@ func (server *Server) applyConfig(config *Config, initial bool) (err error) {
787 791 
 	// set RPL_ISUPPORT
788 792 
 	var newISupportReplies [][]string
789 793 
 	oldISupportList := server.ISupport()
790 
-	server.setISupport()
794 
+	err = server.setISupport()
795 
+	if err != nil {
796 
+		return err
797 
+	}
791 798 
 	if oldISupportList != nil {
792 799 
 		newISupportReplies = oldISupportList.GetDifference(server.ISupport())
793 800 
 	}

Rakstīt Priekšskatītījums
Notiek ielāde…
Atcelt
Saglabāt