improve nick and channel length validation

2024-11-11 06:29:29 +01:00 · 2020-02-20 18:19:17 -05:00 · 2020-02-20 18:19:17 -05:00 · 8123e3c08f
commit 8123e3c08f
parent 108ef3f424
3 changed files with 19 additions and 9 deletions
--- a/irc/client_lookup_set.go
+++ b/irc/client_lookup_set.go
@ -115,11 +115,12 @@ func (clients *ClientManager) Resume(oldClient *Client, session *Session) (err e
 // SetNick sets a client's nickname, validating it against nicknames in use
 func (clients *ClientManager) SetNick(client *Client, session *Session, newNick string) (setNick string, err error) {
 	config := client.server.Config()
 	newcfnick, err := CasefoldName(newNick)
 	if err != nil {
 		return "", errNicknameInvalid
 	}
-	if len(newcfnick) > client.server.Config().Limits.NickLen {
+	if len(newNick) > config.Limits.NickLen || len(newcfnick) > config.Limits.NickLen {
 		return "", errNicknameInvalid
 	}
 	newSkeleton, err := Skeleton(newNick)
@ -132,7 +133,6 @@ func (clients *ClientManager) SetNick(client *Client, session *Session, newNick
 	}
 	reservedAccount, method := client.server.accounts.EnforcementStatus(newcfnick, newSkeleton)
 	config := client.server.Config()
 	client.stateMutex.RLock()
 	account := client.account
 	accountName := client.accountName
--- a/irc/config.go
+++ b/irc/config.go
@ -28,6 +28,7 @@ import (
 	"github.com/oragono/oragono/irc/ldap"
 	"github.com/oragono/oragono/irc/logger"
 	"github.com/oragono/oragono/irc/modes"
 	"github.com/oragono/oragono/irc/mysql"
 	"github.com/oragono/oragono/irc/passwd"
 	"github.com/oragono/oragono/irc/utils"
 	"gopkg.in/yaml.v2"
@ -817,6 +818,11 @@ func LoadConfig(filename string) (config *Config, err error) {
 	if config.Limits.RegistrationMessages == 0 {
 		config.Limits.RegistrationMessages = 1024
 	}
 	if config.Datastore.MySQL.Enabled {
 		if config.Limits.NickLen > mysql.MaxTargetLength || config.Limits.ChannelLen > mysql.MaxTargetLength {
 			return nil, fmt.Errorf("to use MySQL, nick and channel length limits must be %d or lower", mysql.MaxTargetLength)
 		}
 	}
 	config.Server.supportedCaps = caps.NewCompleteSet()
 	config.Server.capValues = make(caps.Values)
--- a/irc/mysql/history.go
+++ b/irc/mysql/history.go
@ -15,6 +15,10 @@ import (
 )
 const (
 	// maximum length in bytes of any message target (nickname or channel name) in its
 	// canonicalized (i.e., casefolded) state:
 	MaxTargetLength = 64
 	// latest schema of the db
 	latestDbSchema   = "1"
 	keySchemaVersion = "db.version"
@ -120,27 +124,27 @@ func (mysql *MySQL) createTables() (err error) {
 		return err
 	}
-	_, err = mysql.db.Exec(`CREATE TABLE sequence (
+	_, err = mysql.db.Exec(fmt.Sprintf(`CREATE TABLE sequence (
 		id BIGINT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
-		target VARBINARY(64) NOT NULL,
+		target VARBINARY(%[1]d) NOT NULL,
 		nanotime BIGINT UNSIGNED NOT NULL,
 		history_id BIGINT NOT NULL,
 		KEY (target, nanotime),
 		KEY (history_id)
-	) CHARSET=ascii COLLATE=ascii_bin;`)
+	) CHARSET=ascii COLLATE=ascii_bin;`, MaxTargetLength))
 	if err != nil {
 		return err
 	}
-	_, err = mysql.db.Exec(`CREATE TABLE conversations (
+	_, err = mysql.db.Exec(fmt.Sprintf(`CREATE TABLE conversations (
 		id BIGINT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
-		lower_target VARBINARY(64) NOT NULL,
+		lower_target VARBINARY(%[1]d) NOT NULL,
-		upper_target VARBINARY(64) NOT NULL,
+		upper_target VARBINARY(%[1]d) NOT NULL,
 		nanotime BIGINT UNSIGNED NOT NULL,
 		history_id BIGINT NOT NULL,
 		KEY (lower_target, upper_target, nanotime),
 		KEY (history_id)
-	) CHARSET=ascii COLLATE=ascii_bin;`)
+	) CHARSET=ascii COLLATE=ascii_bin;`, MaxTargetLength))
 	if err != nil {
 		return err
 	}