Module: ngircd.git Branch: master Commit: 6cbe13085d3c8767a70d2394840a0a03ac6f290a URL: http://ngircd.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git&a=commit;h=6cbe13085... Author: Alexander Barton <alex@barton.de> Date: Tue Jul 19 16:00:55 2011 +0200 Spoofed prefixes: close connection on non-server links only On server-links, spoofed prefixes can happen because of the asynchronous nature of the IRC protocol. So don't break server-links, only log a message and ignore the command. This fixes bug 113, see: <https://arthur.barton.de/bugzilla/show_bug.cgi?id=113> --- src/ngircd/parse.c | 20 ++++++++++++++------ 1 files changed, 14 insertions(+), 6 deletions(-) diff --git a/src/ngircd/parse.c b/src/ngircd/parse.c index 72e3430..be3c864 100644 --- a/src/ngircd/parse.c +++ b/src/ngircd/parse.c @@ -325,13 +325,21 @@ Validate_Prefix( CONN_ID Idx, REQUEST *Req, bool *Closed ) /* check if the client named in the prefix is expected * to come from that direction */ if (Client_NextHop(c) != client) { - Log(LOG_ERR, - "Spoofed prefix \"%s\" from \"%s\" (connection %d, command \"%s\")!", - Req->prefix, Client_Mask(Conn_GetClient(Idx)), Idx, - Req->command); - Conn_Close(Idx, NULL, "Spoofed prefix", true); - *Closed = true; + if (Client_Type(c) != CLIENT_SERVER) { + Log(LOG_ERR, + "Spoofed prefix \"%s\" from \"%s\" (connection %d, command \"%s\")!", + Req->prefix, Client_Mask(Conn_GetClient(Idx)), Idx, + Req->command); + Conn_Close(Idx, NULL, "Spoofed prefix", true); + *Closed = true; + } else { + Log(LOG_INFO, + "Ignoring spoofed prefix \"%s\" from \"%s\" (connection %d, command \"%s\").", + Req->prefix, Client_Mask(Conn_GetClient(Idx)), Idx, + Req->command); + } return false; + } return true;