3
0
mirror of https://github.com/ergochat/ergo.git synced 2024-11-23 12:29:25 +01:00

Merge pull request #523 from slingamn/issue521

fix #521
This commit is contained in:
Shivaram Lingamneni 2019-05-24 15:16:40 -04:00 committed by GitHub
commit 6b468bcd0f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -529,6 +529,7 @@ func brbHandler(server *Server, client *Client, msg ircmsg.IrcMessage, rb *Respo
// CAP <subcmd> [<caps>] // CAP <subcmd> [<caps>]
func capHandler(server *Server, client *Client, msg ircmsg.IrcMessage, rb *ResponseBuffer) bool { func capHandler(server *Server, client *Client, msg ircmsg.IrcMessage, rb *ResponseBuffer) bool {
details := client.Details()
subCommand := strings.ToUpper(msg.Params[0]) subCommand := strings.ToUpper(msg.Params[0])
toAdd := caps.NewSet() toAdd := caps.NewSet()
toRemove := caps.NewSet() toRemove := caps.NewSet()
@ -571,10 +572,10 @@ func capHandler(server *Server, client *Client, msg ircmsg.IrcMessage, rb *Respo
// the server.name source... otherwise it doesn't respond to the CAP message with // the server.name source... otherwise it doesn't respond to the CAP message with
// anything and just hangs on connection. // anything and just hangs on connection.
//TODO(dan): limit number of caps and send it multiline in 3.2 style as appropriate. //TODO(dan): limit number of caps and send it multiline in 3.2 style as appropriate.
rb.Add(nil, server.name, "CAP", client.nick, subCommand, SupportedCapabilities.String(rb.session.capVersion, CapValues)) rb.Add(nil, server.name, "CAP", details.nick, subCommand, SupportedCapabilities.String(rb.session.capVersion, CapValues))
case "LIST": case "LIST":
rb.Add(nil, server.name, "CAP", client.nick, subCommand, rb.session.capabilities.String(caps.Cap301, CapValues)) // values not sent on LIST so force 3.1 rb.Add(nil, server.name, "CAP", details.nick, subCommand, rb.session.capabilities.String(caps.Cap301, CapValues)) // values not sent on LIST so force 3.1
case "REQ": case "REQ":
if !client.registered { if !client.registered {
@ -582,13 +583,20 @@ func capHandler(server *Server, client *Client, msg ircmsg.IrcMessage, rb *Respo
} }
// make sure all capabilities actually exist // make sure all capabilities actually exist
if badCaps { // #511, #521: oragono.io/nope is a fake cap to trap bad clients who blindly request
rb.Add(nil, server.name, "CAP", client.nick, "NAK", capString) // every offered capability. during registration, requesting it produces a quit,
// otherwise just a CAP NAK
if badCaps || (toAdd.Has(caps.Nope) && client.registered) {
rb.Add(nil, server.name, "CAP", details.nick, "NAK", capString)
return false return false
} else if toAdd.Has(caps.Nope) && !client.registered {
client.Quit(client.t("Requesting the oragono.io/nope CAP is forbidden"), rb.session)
return true
} }
rb.session.capabilities.Union(toAdd) rb.session.capabilities.Union(toAdd)
rb.session.capabilities.Subtract(toRemove) rb.session.capabilities.Subtract(toRemove)
rb.Add(nil, server.name, "CAP", client.nick, "ACK", capString) rb.Add(nil, server.name, "CAP", details.nick, "ACK", capString)
// if this is the first time the client is requesting a resume token, // if this is the first time the client is requesting a resume token,
// send it to them // send it to them
@ -600,13 +608,6 @@ func capHandler(server *Server, client *Client, msg ircmsg.IrcMessage, rb *Respo
} }
} }
// #511: oragono.io/nope is a fake cap to trap bad clients who blindly request
// every offered capability:
if toAdd.Has(caps.Nope) {
client.Quit(client.t("Requesting the oragono.io/nope CAP is forbidden"), rb.session)
return true
}
// update maxlenrest, just in case they altered the maxline cap // update maxlenrest, just in case they altered the maxline cap
rb.session.SetMaxlenRest() rb.session.SetMaxlenRest()
@ -616,7 +617,7 @@ func capHandler(server *Server, client *Client, msg ircmsg.IrcMessage, rb *Respo
} }
default: default:
rb.Add(nil, server.name, ERR_INVALIDCAPCMD, client.nick, subCommand, client.t("Invalid CAP subcommand")) rb.Add(nil, server.name, ERR_INVALIDCAPCMD, details.nick, subCommand, client.t("Invalid CAP subcommand"))
} }
return false return false
} }