slightly more defensive implementation of /OPER check

Shivaram Lingamneni 2019-12-19 18:30:19 -05:00
parent 78da024b24
commit 01488bfe2e
1 changed files with 16 additions and 11 deletions


@ -2177,22 +2177,27 @@ func operHandler(server *Server, client *Client, msg ircmsg.IrcMessage, rb *Resp
return false return false
} }
// must have a matching oper block and not fail any enabled checks // must pass at least one check, and all enabled checks
// (config validation ensures that there is at least one check) var checkPassed, checkFailed bool
oper := server.GetOperator(msg.Params[0]) oper := server.GetOperator(msg.Params[0])
authorized := oper != nil
if oper != nil { if oper != nil {
if oper.Fingerprint != "" && !utils.CertfpsMatch(oper.Fingerprint, client.certfp) { if oper.Fingerprint != "" {
authorized = false if utils.CertfpsMatch(oper.Fingerprint, client.certfp) {
} else if oper.Pass != nil { checkPassed = true
if len(msg.Params) == 1 { } else {
authorized = false checkFailed = true
} else if bcrypt.CompareHashAndPassword(oper.Pass, []byte(msg.Params[1])) != nil { }
authorized = false }
if !checkFailed && oper.Pass != nil {
if len(msg.Params) == 1 || bcrypt.CompareHashAndPassword(oper.Pass, []byte(msg.Params[1])) != nil {
checkFailed = true
} else {
checkPassed = true
} }
} }
} }
if !authorized {
if !checkPassed || checkFailed {
rb.Add(nil, server.name, ERR_PASSWDMISMATCH, client.Nick(), client.t("Password incorrect")) rb.Add(nil, server.name, ERR_PASSWDMISMATCH, client.Nick(), client.t("Password incorrect"))
client.Quit(client.t("Password incorrect"), rb.session) client.Quit(client.t("Password incorrect"), rb.session)
return true return true
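Review bot: The failure branch at `if !checkPassed || checkFailed` sends ERR_PASSWDMISMATCH and quits the client without recording the attempt in any visible line, so repeated bad /OPER guesses leave no trace for operators unless logging happens outside this hunk. Consider logging the requested oper name, the client's nick and which check failed just before `rb.Add`, through whatever logger the server already exposes. Separately, the `oper == nil` path and the `!checkFailed &&` guard both skip `bcrypt.CompareHashAndPassword`, so those rejections likely return faster than a wrong password does. If hiding which oper names exist matters, comparing against a fixed dummy hash on those paths would even out the response time. operHandler starts and ends outside the hunk.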