فهرست منبع

* Added a SHA1 hash to the encryption negotiation to stop non-bots (hackers) from playing :)

svn: 1649
Bryan Drewery 21 سال پیش
والد
کامیت
37f01436cf
4فایلهای تغییر یافته به همراه34 افزوده شده و 5 حذف شده
  1. 23 5
      src/dcc.c
  2. 1 0
      src/dcc.h
  3. 9 0
      src/enclink.c
  4. 1 0
      src/enclink.h

+ 23 - 5
src/dcc.c

@@ -352,7 +352,7 @@ dcc_bot_new(int idx, char *buf, int x)
     int snum = findanysnum(dcc[idx].sock);
 
     if (snum >= 0) {
-      char *tmp = strdup(buf), *tmpp = tmp, *p = NULL;
+      char *rand = newsplit(&buf), *tmp = strdup(buf), *tmpp = tmp, *p = NULL;
       int i = -1;
 
       while ((p = strchr(buf, ' ')) && i == -1) {
@@ -367,7 +367,8 @@ dcc_bot_new(int idx, char *buf, int x)
       free(tmpp);
 
       sdprintf("Choosing '%s' for link", enclink[i].name);
-      dprintf(idx, "neg %d\n", enclink[i].type);
+      link_hash(idx, rand);
+      dprintf(idx, "neg %s %d\n", dcc[idx].shahash, enclink[i].type);
       socklist[snum].enclink = i;
       if (enclink[i].link)
         (enclink[i].link) (idx, TO);	
@@ -936,6 +937,14 @@ dcc_chat_pass(int idx, char *buf, int atr)
       int snum = findanysnum(dcc[idx].sock);
 
       if (snum >= 0) {
+        char *hash = newsplit(&buf);
+
+        if (strcmp(dcc[idx].shahash, hash)) {
+          putlog(LOG_WARN, "*", "%s attempted to negotiate an encryption with an invalid hash.", dcc[idx].nick);
+          killsock(dcc[idx].sock);
+          lostdcc(idx);
+          return;
+        }
         int type = atoi(newsplit(&buf)), i = -1;
 
         /* verify we have that type and then initiate it */
@@ -1638,16 +1647,25 @@ dcc_telnet_pass(int idx, int atr)
   if (glob_bot(fr)) {
     /* FIXME: remove after 1.2.2 */
     if (!dcc[idx].newbot) {
-      link_call(idx, LINK_GHOST, FROM);
+      int snum = findanysnum(dcc[idx].sock);
+
+      if (snum >= 0) {
+        socklist[snum].enclink = link_find_by_type(LINK_GHOST);
+        link_link(idx, LINK_GHOST, FROM);
+      }
     } else {
       /* negotiate a new linking scheme */
       int i = 0;
-      char buf[1024] = "";
+      char buf[1024] = "", rand[51] = "";
   
+      make_rand_str(rand, 50);
+
+      link_hash(idx, rand);
+
       for (i = 0; enclink[i].name; i++)
         sprintf(buf, "%s%d ", buf[0] ? buf : "", enclink[i].type);
 
-      dprintf(idx, "neg? %s\n", buf);
+      dprintf(idx, "neg? %s %s\n", rand, buf);
     }
   } else
     /* Turn off remote telnet echo (send IAC WILL ECHO). */

+ 1 - 0
src/dcc.h

@@ -56,6 +56,7 @@ struct dcc_t {
   port_t port;
   char simulbot[NICKLEN];       /* used for hub->leaf cmd simulation, holds bot that results should be sent to */
   char hash[MD5_HASH_LENGTH + 1];                /* used for dcc authing */
+  char shahash[SHA_HASH_LENGTH + 1];
   char nick[NICKLEN];
   char whois[UHOSTLEN];
   char host[UHOSTLEN];

+ 9 - 0
src/enclink.c

@@ -198,6 +198,15 @@ char *link_write(int snum, char *buf, size_t *len)
   return buf;
 }
 
+void link_hash(int idx, char *rand)
+{
+  char hash[256] = "";
+
+  egg_snprintf(hash, sizeof(hash), "%s.%s.%s", settings.packname, settings.salt1, rand);
+  strncpyz(dcc[idx].shahash, SHA1(hash), sizeof(dcc[idx].shahash));
+  return;
+}
+
 struct enc_link enclink[] = {
   { "ghost", LINK_GHOST, ghost_link, ghost_write, ghost_read },
   { NULL, 0, NULL, NULL, NULL }

+ 1 - 0
src/enclink.h

@@ -35,5 +35,6 @@ extern int link_find_by_type(int);
 extern void link_link(int, int, direction_t);
 extern char *link_write(int, char *, size_t *);
 extern int link_read(int, char *, size_t *);
+extern void link_hash(int, char *);
 
 #endif /* !_ENCLINK_H */