3
0
mirror of https://github.com/ergochat/ergo.git synced 2024-12-22 18:52:41 +01:00

improve nick and channel length validation

This commit is contained in:
Shivaram Lingamneni 2020-02-20 18:19:17 -05:00
parent 108ef3f424
commit 8123e3c08f
3 changed files with 19 additions and 9 deletions

View File

@ -115,11 +115,12 @@ func (clients *ClientManager) Resume(oldClient *Client, session *Session) (err e
// SetNick sets a client's nickname, validating it against nicknames in use // SetNick sets a client's nickname, validating it against nicknames in use
func (clients *ClientManager) SetNick(client *Client, session *Session, newNick string) (setNick string, err error) { func (clients *ClientManager) SetNick(client *Client, session *Session, newNick string) (setNick string, err error) {
config := client.server.Config()
newcfnick, err := CasefoldName(newNick) newcfnick, err := CasefoldName(newNick)
if err != nil { if err != nil {
return "", errNicknameInvalid return "", errNicknameInvalid
} }
if len(newcfnick) > client.server.Config().Limits.NickLen { if len(newNick) > config.Limits.NickLen || len(newcfnick) > config.Limits.NickLen {
return "", errNicknameInvalid return "", errNicknameInvalid
} }
newSkeleton, err := Skeleton(newNick) newSkeleton, err := Skeleton(newNick)
@ -132,7 +133,6 @@ func (clients *ClientManager) SetNick(client *Client, session *Session, newNick
} }
reservedAccount, method := client.server.accounts.EnforcementStatus(newcfnick, newSkeleton) reservedAccount, method := client.server.accounts.EnforcementStatus(newcfnick, newSkeleton)
config := client.server.Config()
client.stateMutex.RLock() client.stateMutex.RLock()
account := client.account account := client.account
accountName := client.accountName accountName := client.accountName

View File

@ -28,6 +28,7 @@ import (
"github.com/oragono/oragono/irc/ldap" "github.com/oragono/oragono/irc/ldap"
"github.com/oragono/oragono/irc/logger" "github.com/oragono/oragono/irc/logger"
"github.com/oragono/oragono/irc/modes" "github.com/oragono/oragono/irc/modes"
"github.com/oragono/oragono/irc/mysql"
"github.com/oragono/oragono/irc/passwd" "github.com/oragono/oragono/irc/passwd"
"github.com/oragono/oragono/irc/utils" "github.com/oragono/oragono/irc/utils"
"gopkg.in/yaml.v2" "gopkg.in/yaml.v2"
@ -817,6 +818,11 @@ func LoadConfig(filename string) (config *Config, err error) {
if config.Limits.RegistrationMessages == 0 { if config.Limits.RegistrationMessages == 0 {
config.Limits.RegistrationMessages = 1024 config.Limits.RegistrationMessages = 1024
} }
if config.Datastore.MySQL.Enabled {
if config.Limits.NickLen > mysql.MaxTargetLength || config.Limits.ChannelLen > mysql.MaxTargetLength {
return nil, fmt.Errorf("to use MySQL, nick and channel length limits must be %d or lower", mysql.MaxTargetLength)
}
}
config.Server.supportedCaps = caps.NewCompleteSet() config.Server.supportedCaps = caps.NewCompleteSet()
config.Server.capValues = make(caps.Values) config.Server.capValues = make(caps.Values)

View File

@ -15,6 +15,10 @@ import (
) )
const ( const (
// maximum length in bytes of any message target (nickname or channel name) in its
// canonicalized (i.e., casefolded) state:
MaxTargetLength = 64
// latest schema of the db // latest schema of the db
latestDbSchema = "1" latestDbSchema = "1"
keySchemaVersion = "db.version" keySchemaVersion = "db.version"
@ -120,27 +124,27 @@ func (mysql *MySQL) createTables() (err error) {
return err return err
} }
_, err = mysql.db.Exec(`CREATE TABLE sequence ( _, err = mysql.db.Exec(fmt.Sprintf(`CREATE TABLE sequence (
id BIGINT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY, id BIGINT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
target VARBINARY(64) NOT NULL, target VARBINARY(%[1]d) NOT NULL,
nanotime BIGINT UNSIGNED NOT NULL, nanotime BIGINT UNSIGNED NOT NULL,
history_id BIGINT NOT NULL, history_id BIGINT NOT NULL,
KEY (target, nanotime), KEY (target, nanotime),
KEY (history_id) KEY (history_id)
) CHARSET=ascii COLLATE=ascii_bin;`) ) CHARSET=ascii COLLATE=ascii_bin;`, MaxTargetLength))
if err != nil { if err != nil {
return err return err
} }
_, err = mysql.db.Exec(`CREATE TABLE conversations ( _, err = mysql.db.Exec(fmt.Sprintf(`CREATE TABLE conversations (
id BIGINT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY, id BIGINT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
lower_target VARBINARY(64) NOT NULL, lower_target VARBINARY(%[1]d) NOT NULL,
upper_target VARBINARY(64) NOT NULL, upper_target VARBINARY(%[1]d) NOT NULL,
nanotime BIGINT UNSIGNED NOT NULL, nanotime BIGINT UNSIGNED NOT NULL,
history_id BIGINT NOT NULL, history_id BIGINT NOT NULL,
KEY (lower_target, upper_target, nanotime), KEY (lower_target, upper_target, nanotime),
KEY (history_id) KEY (history_id)
) CHARSET=ascii COLLATE=ascii_bin;`) ) CHARSET=ascii COLLATE=ascii_bin;`, MaxTargetLength))
if err != nil { if err != nil {
return err return err
} }