From dcb348756634067ae06b2b6104ab266fb28ca4ba Mon Sep 17 00:00:00 2001 From: Shivaram Lingamneni Date: Wed, 22 May 2019 22:16:01 -0400 Subject: [PATCH] fix #511 --- gencapdefs.py | 6 ++++++ irc/caps/defs.go | 7 ++++++- irc/handlers.go | 7 +++++++ 3 files changed, 19 insertions(+), 1 deletion(-) diff --git a/gencapdefs.py b/gencapdefs.py index 31045839..10c9481b 100644 --- a/gencapdefs.py +++ b/gencapdefs.py @@ -171,6 +171,12 @@ CAPDEFS = [ url="https://wiki.znc.in/Playback", standard="ZNC vendor", ), + CapDef( + identifier="Nope", + name="oragono.io/nope", + url="https://oragono.io/nope", + standard="Oragono vendor", + ), ] def validate_defs(): diff --git a/irc/caps/defs.go b/irc/caps/defs.go index 2d086227..e4fcfcac 100644 --- a/irc/caps/defs.go +++ b/irc/caps/defs.go @@ -7,7 +7,7 @@ package caps const ( // number of recognized capabilities: - numCapabs = 26 + numCapabs = 27 // length of the uint64 array that represents the bitset: bitsetLen = 1 ) @@ -116,6 +116,10 @@ const ( // ZNCPlayback is the ZNC vendor capability named "znc.in/playback": // https://wiki.znc.in/Playback ZNCPlayback Capability = iota + + // Nope is the Oragono vendor capability named "oragono.io/nope": + // https://oragono.io/nope + Nope Capability = iota ) // `capabilityNames[capab]` is the string name of the capability `capab` @@ -147,5 +151,6 @@ var ( "znc.in/self-message", "draft/event-playback", "znc.in/playback", + "oragono.io/nope", } ) diff --git a/irc/handlers.go b/irc/handlers.go index 801cd8c6..dbd964f1 100644 --- a/irc/handlers.go +++ b/irc/handlers.go @@ -574,6 +574,13 @@ func capHandler(server *Server, client *Client, msg ircmsg.IrcMessage, rb *Respo } } + // #511: oragono.io/nope is a fake cap to trap bad clients who blindly request + // every offered capability: + if toAdd.Has(caps.Nope) { + client.Quit(client.t("Requesting the oragono.io/nope CAP is forbidden"), rb.session) + return true + } + // update maxlenrest, just in case they altered the maxline cap rb.session.SetMaxlenRest()