Alexander Barton : Spoofed prefixes: close connection on non-server links only - ngIRCd GIT Updates

9 Aug 2011

Module: ngircd.git
Branch: master
Commit: 6cbe13085d3c8767a70d2394840a0a03ac6f290a
URL:    http://ngircd.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git&a=commit;h=6cbe1...
Author: Alexander Barton alex@barton.de
Date:   Tue Jul 19 16:00:55 2011 +0200
Spoofed prefixes: close connection on non-server links only
On server-links, spoofed prefixes can happen because of the asynchronous
nature of the IRC protocol. So don't break server-links, only log a message
and ignore the command.
This fixes bug 113, see:
https://arthur.barton.de/bugzilla/show_bug.cgi?id=113
---
src/ngircd/parse.c |   20 ++++++++++++++------
 1 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/src/ngircd/parse.c b/src/ngircd/parse.c
index 72e3430..be3c864 100644
--- a/src/ngircd/parse.c
+++ b/src/ngircd/parse.c
@@ -325,13 +325,21 @@ Validate_Prefix( CONN_ID Idx, REQUEST *Req, bool *Closed )
    /* check if the client named in the prefix is expected
     * to come from that direction */
    if (Client_NextHop(c) != client) {
-		Log(LOG_ERR,
-		    "Spoofed prefix "%s" from "%s" (connection %d, command "%s")!",
-		    Req->prefix, Client_Mask(Conn_GetClient(Idx)), Idx,
-		    Req->command);
-		Conn_Close(Idx, NULL, "Spoofed prefix", true);
-		*Closed = true;
+		if (Client_Type(c) != CLIENT_SERVER) {
+			Log(LOG_ERR,
+			    "Spoofed prefix "%s" from "%s" (connection %d, command "%s")!",
+			    Req->prefix, Client_Mask(Conn_GetClient(Idx)), Idx,
+			    Req->command);
+			Conn_Close(Idx, NULL, "Spoofed prefix", true);
+			*Closed = true;
+		} else {
+			Log(LOG_INFO,
+			    "Ignoring spoofed prefix "%s" from "%s" (connection %d, command "%s").",
+			    Req->prefix, Client_Mask(Conn_GetClient(Idx)), Idx,
+			    Req->command);
+		}
    	return false;
+
    }
return true;

    