From 89984f9c3610d00bfa5191506383b0a5689d11b9 Mon Sep 17 00:00:00 2001
From: Shivaram Lingamneni
Date: Sun, 10 May 2020 19:12:18 -0400
Subject: [PATCH] fix untrusted PROXY lines being accepted

As of 3dc5c8de787309, the PROXY-before-TLS proxy line and any proxy information carried in X-Forwarded-For do not count as the "first line", so an additional client-supplied PROXY line would have been accepted.
---
 irc/gateways.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/irc/gateways.go b/irc/gateways.go
index da58c67a..57140b89 100644
--- a/irc/gateways.go
+++ b/irc/gateways.go
@@ -57,8 +57,9 @@ func (wc *webircConfig) Populate() (err error) {
 
 // ApplyProxiedIP applies the given IP to the client.
 func (client *Client) ApplyProxiedIP(session *Session, proxiedIP net.IP, tls bool) (err error, quitMsg string) {
 	// PROXY and WEBIRC are never accepted from a Tor listener, even if the address itself
-	// is whitelisted:
-	if session.isTor {
+	// is whitelisted. Furthermore, don't accept PROXY or WEBIRC if we already accepted
+	// a proxied IP from any source (PROXY, WEBIRC, or X-Forwarded-For):
+	if session.isTor || session.proxiedIP != nil {
 		return errBadProxyLine, ""
 	}
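Review bot: The new guard `if session.isTor || session.proxiedIP != nil` folds two different rejection reasons into the same sentinel `errBadProxyLine`, so a second client-supplied PROXY/WEBIRC line — the spoofing attempt this commit exists to stop — is indistinguishable in logs and quit handling from a PROXY line arriving on a Tor listener; splitting it into two `if` statements, with the duplicate case returning its own sentinel error, would let operators see the attempt. The correctness of the duplicate check also rests on every accepting path named in the comment (PROXY-before-TLS, WEBIRC, X-Forwarded-For) writing `session.proxiedIP` before the client can send another line, which cannot be confirmed from this hunk; a regression test that sends a PROXY line after each of those three sources and expects `errBadProxyLine` would pin that down. Note that ApplyProxiedIP's body continues past the end of the hunk, so where `session.proxiedIP` is assigned on the success path is not visible here.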