From af2b4331951a15b2655203039b5be09f68a7f222 Mon Sep 17 00:00:00 2001 From: Shivaram Lingamneni Date: Sun, 25 Oct 2020 23:31:45 -0400 Subject: [PATCH] validate normalized masks as IRC params --- irc/strings.go | 8 +++++++- irc/strings_test.go | 6 +++++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/irc/strings.go b/irc/strings.go index a977190e..c59f1bed 100644 --- a/irc/strings.go +++ b/irc/strings.go @@ -15,6 +15,8 @@ import ( "golang.org/x/text/secure/precis" "golang.org/x/text/unicode/norm" "golang.org/x/text/width" + + "github.com/oragono/oragono/irc/utils" ) const ( @@ -270,7 +272,11 @@ func CanonicalizeMaskWildcard(userhost string) (expanded string, err error) { if host != "*" { host = strings.ToLower(host) } - return fmt.Sprintf("%s!%s@%s", nick, user, host), nil + expanded = fmt.Sprintf("%s!%s@%s", nick, user, host) + if utils.SafeErrorParam(expanded) != expanded { + err = errInvalidCharacter + } + return } func foldASCII(str string) (result string, err error) { diff --git a/irc/strings_test.go b/irc/strings_test.go index 1ffc1500..4ee5d1a9 100644 --- a/irc/strings_test.go +++ b/irc/strings_test.go @@ -193,7 +193,7 @@ func TestSkeleton(t *testing.T) { func TestCanonicalizeMaskWildcard(t *testing.T) { tester := func(input, expected string, expectedErr error) { out, err := CanonicalizeMaskWildcard(input) - if out != expected { + if expectedErr == nil && out != expected { t.Errorf("expected %s to canonicalize to %s, instead %s", input, expected, out) } if err != expectedErr { @@ -216,6 +216,10 @@ func TestCanonicalizeMaskWildcard(t *testing.T) { tester("Shivaram*", "shivaram*!*@*", nil) tester("*SHIVARAM*", "*shivaram*!*@*", nil) tester("*SHIVARAM* ", "*shivaram*!*@*", nil) + + tester(":shivaram", "", errInvalidCharacter) + tester("shivaram!us er@host", "", errInvalidCharacter) + tester("shivaram!user@ho st", "", errInvalidCharacter) } func validFoldTester(first, second string, equal bool, folder func(string) (string, error), t *testing.T) {