fix #297

add validation for isupport tokens

irc/isupport/list.go

 
 package isupport
 
-import "fmt"
-import "sort"
+import (
+	"fmt"
+	"sort"
+	"strings"
+)
 
 const (
 	maxLastArgLength = 400
 }
 
 // RegenerateCachedReply regenerates the cached RPL_ISUPPORT reply
-func (il *List) RegenerateCachedReply() {
+func (il *List) RegenerateCachedReply() (err error) {
 	il.CachedReply = make([][]string, 0)
 	var length int     // Length of the current cache
 	var cache []string // Token list cache
 
 	for _, name := range tokens {
 		token := getTokenString(name, il.Tokens[name])
+		if token[0] == ':' || strings.Contains(token, " ") {
+			err = fmt.Errorf("bad isupport token (cannot contain spaces or start with :): %s", token)
+			continue
+		}
 
 		if len(token)+length <= maxLastArgLength {
 			// account for the space separating tokens
 	if len(cache) > 0 {
 		il.CachedReply = append(il.CachedReply, cache)
 	}
+
+	return
 }

irc/isupport/list_test.go

 	tListLong.AddNoValue("D")
 	tListLong.AddNoValue("E")
 	tListLong.AddNoValue("F")
-	tListLong.RegenerateCachedReply()
+	err := tListLong.RegenerateCachedReply()
+	if err != nil {
+		t.Error(err)
+	}
 
 	longReplies := [][]string{
 		{"1", "2", "3", "4", "5", "6", "7", "8", "9", "A", "B", "C", "D"},
 	tList1.Add("INVEX", "i")
 	tList1.AddNoValue("EXTBAN")
 	tList1.Add("RANDKILL", "whenever")
-	tList1.RegenerateCachedReply()
+	err = tList1.RegenerateCachedReply()
+	if err != nil {
+		t.Error(err)
+	}
 
 	expected := [][]string{{"CASEMAPPING=rfc1459-strict", "EXTBAN", "INVEX=i", "RANDKILL=whenever", "SASL=yes"}}
 	if !reflect.DeepEqual(tList1.CachedReply, expected) {
 	tList2.AddNoValue("INVEX")
 	tList2.Add("EXTBAN", "TestBah")
 	tList2.AddNoValue("STABLEKILL")
-	tList2.RegenerateCachedReply()
+	err = tList2.RegenerateCachedReply()
+	if err != nil {
+		t.Error(err)
+	}
 
 	expected = [][]string{{"CASEMAPPING=ascii", "EXTBAN=TestBah", "INVEX", "SASL=yes", "STABLEKILL"}}
 	if !reflect.DeepEqual(tList2.CachedReply, expected) {
 		t.Error("difference reply does not match expected difference reply")
 	}
 }
+
+func TestBadToken(t *testing.T) {
+	list := NewList()
+	list.Add("NETWORK", "Bad Network Name")
+	list.Add("SASL", "yes")
+	list.Add("CASEMAPPING", "rfc1459-strict")
+	list.Add("INVEX", "i")
+	list.AddNoValue("EXTBAN")
+
+	err := list.RegenerateCachedReply()
+	if err == nil {
+		t.Error("isupport token generation should fail due to space in network name")
+	}
+
+	// should produce a list containing the other, valid params
+	numParams := 0
+	for _, tokenLine := range list.CachedReply {
+		numParams += len(tokenLine)
+	}
+	if numParams != 4 {
+		t.Errorf("expected the other 4 params to be generated, got %v", list.CachedReply)
+	}
+}

irc/server.go

 }
 
 // setISupport sets up our RPL_ISUPPORT reply.
-func (server *Server) setISupport() {
+func (server *Server) setISupport() (err error) {
 	maxTargetsString := strconv.Itoa(maxTargets)
 
 	config := server.Config()
 		isupport.Add("REGCREDTYPES", "passphrase,certfp")
 	}
 
-	isupport.RegenerateCachedReply()
+	err = isupport.RegenerateCachedReply()
+	if err != nil {
+		return
+	}
 
 	server.configurableStateMutex.Lock()
 	server.isupport = isupport
 	server.configurableStateMutex.Unlock()
+	return
 }
 
 func loadChannelList(channel *Channel, list string, maskMode modes.Mode) {
 	// set RPL_ISUPPORT
 	var newISupportReplies [][]string
 	oldISupportList := server.ISupport()
-	server.setISupport()
+	err = server.setISupport()
+	if err != nil {
+		return err
+	}
 	if oldISupportList != nil {
 		newISupportReplies = oldISupportList.GetDifference(server.ISupport())
 	}