3
0
mirror of https://github.com/ergochat/ergo.git synced 2024-12-22 10:42:52 +01:00

improve nick and channel length validation

This commit is contained in:
Shivaram Lingamneni 2020-02-20 18:19:17 -05:00
parent 108ef3f424
commit 8123e3c08f
3 changed files with 19 additions and 9 deletions

View File

@ -115,11 +115,12 @@ func (clients *ClientManager) Resume(oldClient *Client, session *Session) (err e
// SetNick sets a client's nickname, validating it against nicknames in use
func (clients *ClientManager) SetNick(client *Client, session *Session, newNick string) (setNick string, err error) {
config := client.server.Config()
newcfnick, err := CasefoldName(newNick)
if err != nil {
return "", errNicknameInvalid
}
if len(newcfnick) > client.server.Config().Limits.NickLen {
if len(newNick) > config.Limits.NickLen || len(newcfnick) > config.Limits.NickLen {
return "", errNicknameInvalid
}
newSkeleton, err := Skeleton(newNick)
@ -132,7 +133,6 @@ func (clients *ClientManager) SetNick(client *Client, session *Session, newNick
}
reservedAccount, method := client.server.accounts.EnforcementStatus(newcfnick, newSkeleton)
config := client.server.Config()
client.stateMutex.RLock()
account := client.account
accountName := client.accountName

View File

@ -28,6 +28,7 @@ import (
"github.com/oragono/oragono/irc/ldap"
"github.com/oragono/oragono/irc/logger"
"github.com/oragono/oragono/irc/modes"
"github.com/oragono/oragono/irc/mysql"
"github.com/oragono/oragono/irc/passwd"
"github.com/oragono/oragono/irc/utils"
"gopkg.in/yaml.v2"
@ -817,6 +818,11 @@ func LoadConfig(filename string) (config *Config, err error) {
if config.Limits.RegistrationMessages == 0 {
config.Limits.RegistrationMessages = 1024
}
if config.Datastore.MySQL.Enabled {
if config.Limits.NickLen > mysql.MaxTargetLength || config.Limits.ChannelLen > mysql.MaxTargetLength {
return nil, fmt.Errorf("to use MySQL, nick and channel length limits must be %d or lower", mysql.MaxTargetLength)
}
}
config.Server.supportedCaps = caps.NewCompleteSet()
config.Server.capValues = make(caps.Values)

View File

@ -15,6 +15,10 @@ import (
)
const (
// maximum length in bytes of any message target (nickname or channel name) in its
// canonicalized (i.e., casefolded) state:
MaxTargetLength = 64
// latest schema of the db
latestDbSchema = "1"
keySchemaVersion = "db.version"
@ -120,27 +124,27 @@ func (mysql *MySQL) createTables() (err error) {
return err
}
_, err = mysql.db.Exec(`CREATE TABLE sequence (
_, err = mysql.db.Exec(fmt.Sprintf(`CREATE TABLE sequence (
id BIGINT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
target VARBINARY(64) NOT NULL,
target VARBINARY(%[1]d) NOT NULL,
nanotime BIGINT UNSIGNED NOT NULL,
history_id BIGINT NOT NULL,
KEY (target, nanotime),
KEY (history_id)
) CHARSET=ascii COLLATE=ascii_bin;`)
) CHARSET=ascii COLLATE=ascii_bin;`, MaxTargetLength))
if err != nil {
return err
}
_, err = mysql.db.Exec(`CREATE TABLE conversations (
_, err = mysql.db.Exec(fmt.Sprintf(`CREATE TABLE conversations (
id BIGINT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
lower_target VARBINARY(64) NOT NULL,
upper_target VARBINARY(64) NOT NULL,
lower_target VARBINARY(%[1]d) NOT NULL,
upper_target VARBINARY(%[1]d) NOT NULL,
nanotime BIGINT UNSIGNED NOT NULL,
history_id BIGINT NOT NULL,
KEY (lower_target, upper_target, nanotime),
KEY (history_id)
) CHARSET=ascii COLLATE=ascii_bin;`)
) CHARSET=ascii COLLATE=ascii_bin;`, MaxTargetLength))
if err != nil {
return err
}