extensions/extb_channel: Allow matching secret channels.
This change modifies extb_channel to allow matching users in secret channels, which prevents trivial ban evasion by setting the target channel +s. Information leak due to this change is unlikely since the attacker would have to know that the target channel exists, the name of the channel (or guess it), have a specific user they wanted to know whether was in the channel (and not know already), and the target user would need to have something like autojoin-on-invite enabled (or any of the other various ways hostname cloaking is attacked).
This commit is contained in:
parent
28f877462d
commit
1175ff837d
2 changed files with 2 additions and 9 deletions
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Channel extban type: matches users who are in a certain public channel
|
||||
* Channel extban type: matches users who are in a certain channel
|
||||
* -- jilles
|
||||
*/
|
||||
|
||||
|
@ -47,8 +47,5 @@ static int eb_channel(const char *data, struct Client *client_p,
|
|||
/* require consistent target */
|
||||
if (chptr->chname[0] == '#' && data[0] == '&')
|
||||
return EXTBAN_INVALID;
|
||||
/* privacy! don't allow +s/+p channels to influence another channel */
|
||||
if (!PubChannel(chptr2) && chptr2 != chptr)
|
||||
return EXTBAN_INVALID;
|
||||
return IsMember(client_p, chptr2) ? EXTBAN_MATCH : EXTBAN_NOMATCH;
|
||||
}
|
||||
|
|
|
@ -18,11 +18,7 @@ Unless noted below, all types can be used with +b, +q, +e and +I.
|
|||
$a - Matches all logged in users
|
||||
$a:<mask> - Matches users logged in with a username matching the mask
|
||||
(* and ? wildcards)
|
||||
$c:<chan> - Matches users who are on the given channel; this is only
|
||||
valid if the channel exists and is not +s or +p. (The ops
|
||||
of the channel the ban is on cannot necessarily see whether
|
||||
the user is in the target channel, so it should not
|
||||
influence whether they can join either.)
|
||||
$c:<chan> - Matches users who are on the given channel
|
||||
$o - Matches opers (most useful with +I)
|
||||
$r:<mask> - Matches users with a realname (gecos) matching the mask
|
||||
(* and ? wildcards); this can only be used with +b and +q
|
||||
|
|
Loading…
Reference in a new issue