ircu 2.10.11 currently does not check the length of incoming account
stamps, but rather truncates them to fit. This may cause problems if
accounts larger than ACCOUNTLEN (say, if the network services were
misconfigured -- or someone screwed up and misconfigured their server)
share the same prefixes of ACCOUNTLEN length, two people with different
accounts might end up "sharing."
I have attached a small patch to m_account.c against u2_10_11_02 that
will check incoming stamps against ACCOUNTLEN and complain if it is too
long.
# Zoot
# Developer, GamesNET
Index: ChangeLog
===================================================================
RCS file: /home/coder-com/cvs/ircu2.10/ChangeLog,v
retrieving revision 1.290.2.124.2.1
diff -u -r1.290.2.124.2.1 ChangeLog
--- ChangeLog 2002/09/16 17:35:58 1.290.2.124.2.1
+++ ChangeLog 2002/09/19 04:25:31
@@ -1,3 +1,8 @@
+2002-09-18 Zoot <[EMAIL PROTECTED]>
+
+ * ircd/m_account.c (ms_account): check the length of the account;
+ ignore accounts that are too long and send a warning through wallops
+
2002-09-16 Jochen Meesters <[EMAIL PROTECTED]>
* ircd/whocmds.h: Changed output of /who %a command, making it
Index: ircd/m_account.c
===================================================================
RCS file: /home/coder-com/cvs/ircu2.10/ircd/m_account.c,v
retrieving revision 1.1.2.2
diff -u -r1.1.2.2 m_account.c
--- ircd/m_account.c 2002/02/03 20:31:46 1.1.2.2
+++ ircd/m_account.c 2002/09/19 04:25:31
@@ -120,6 +120,12 @@
assert(0 == cli_user(acptr)->account[0]);
+ if (strlen(parv[2]) > ACCOUNTLEN) {
+ sendwallto_group_butone(&me, WALL_WALLOPS, NULL,
+ "Received account (%s) longer than %d for %s; ignoring.",
+parv[2], ACCOUNTLEN, cli_name(acptr));
+ return 0;
+ }
+
ircd_strncpy(cli_user(acptr)->account, parv[2], ACCOUNTLEN);
hide_hostmask(acptr, FLAGS_ACCOUNT);
