Selaa lähdekoodia

Merge branch 'streaming-userfile-aggressiveness' into maint

* streaming-userfile-aggressiveness:
  Add aggressive check before transfering userfile for compat
  This check doesn't work here as a separate dcc is created for transfer
  Validate sooner when the update is first offered and initiated
  Fix non-hubs being able to update other bots
  Only accept share lines from the bot sending the userfile
  Fix leaf bots being able to initiate userfile transfer to hubs

Conflicts:
	doc/UPDATES
Bryan Drewery 13 vuotta sitten
vanhempi
commit
dc4996ec1a
3 muutettua tiedostoa jossa 61 lisäystä ja 4 poistoa
  1. 2 0
      doc/UPDATES
  2. 27 4
      src/mod/share.mod/share.c
  3. 32 0
      src/mod/update.mod/update.c

+ 2 - 0
doc/UPDATES

@@ -3,6 +3,8 @@ maint
     and doesn't matter much.
   * Bots linking in must now have a matching host on their user to succeed linking.
     This was always requiring a valid host, but was not restricted to that bot.
+  * Fix leaf bots being able to initiate userfile transfer to hubs
+  * Protect binary updates so that only hubs can offer/send them
 
 1.4.2 - http://wraith.botpack.net/milestone/1.4.2
   * Prevent crashing on startup if openssl can not be loaded

+ 27 - 4
src/mod/share.mod/share.c

@@ -952,7 +952,7 @@ share_userfileq(int idx, char *par)
   flush_tbuf(dcc[idx].nick);
 
   if (bot_aggressive_to(dcc[idx].user)) {
-    putlog(LOG_ERRORS, "*", "%s offered user transfer - I'm supposed to be aggressive to it", dcc[idx].nick);
+    putlog(LOG_ERRORS, "*", "%s offered user transfer - I'm supposed to be aggressive to it [likely a hack]", dcc[idx].nick);
     dprintf(idx, "s un I have you marked for Agressive sharing.\n");
     botunlink(-2, dcc[idx].nick, "I'm aggressive to you");
   } else {
@@ -985,6 +985,13 @@ share_userfileq(int idx, char *par)
 static void
 share_ufsend(int idx, char *par)
 {
+  if (bot_aggressive_to(dcc[idx].user)) {
+    putlog(LOG_ERRORS, "*", "%s attempted to start sending userfile [compat] - I'm supposed to be aggressive to it [likely a hack]", dcc[idx].nick);
+    dprintf(idx, "s un I have you marked for Agressive sharing.\n");
+    botunlink(-2, dcc[idx].nick, "I'm aggressive to you");
+    return;
+  }
+
   char *port = NULL, *ip = NULL;
   char s[1024] = "";
   int i, sock;
@@ -1100,13 +1107,22 @@ share_end(int idx, char *par)
 }
 
 static void share_userfile_line(int idx, char *par) {
-  char *size = newsplit(&par);
+  if (stream_in && (dcc[idx].status & STAT_GETTING)) {
+    char *size = newsplit(&par);
 
-  (*stream_in) << bd::String(par, atoi(size));
-  (*stream_in) << '\n';
+    (*stream_in) << bd::String(par, atoi(size));
+    (*stream_in) << '\n';
+  }
 }
 
 static void share_userfile_start(int idx, char *par) {
+  if (bot_aggressive_to(dcc[idx].user)) {
+    putlog(LOG_ERRORS, "*", "%s attempted to initiate user transfer - I'm supposed to be aggressive to it [likely a hack]", dcc[idx].nick);
+    dprintf(idx, "s un I have you marked for Agressive sharing.\n");
+    botunlink(-2, dcc[idx].nick, "I'm aggressive to you");
+    return;
+  }
+
   dcc[idx].status |= STAT_GETTING;
   /* Start up a tbuf to queue outgoing changes for this bot until the
    * userlist is done transferring.
@@ -1116,6 +1132,13 @@ static void share_userfile_start(int idx, char *par) {
 }
 
 static void share_userfile_end(int idx, char *par) {
+  if (bot_aggressive_to(dcc[idx].user)) {
+    putlog(LOG_ERRORS, "*", "%s attempted to end user transfer - I'm supposed to be aggressive to it [likely a hack]", dcc[idx].nick);
+    dprintf(idx, "s un I have you marked for Agressive sharing.\n");
+    botunlink(-2, dcc[idx].nick, "I'm aggressive to you");
+    return;
+  }
+
   stream_in->seek(0, SEEK_SET);
   share_read_stream(idx, *stream_in);
   delete stream_in;

+ 32 - 0
src/mod/update.mod/update.c

@@ -25,6 +25,7 @@
 
 
 #include "src/common.h"
+#include "src/chanprog.h"
 #include "src/users.h"
 #include "src/dcc.h"
 #include "src/botnet.h"
@@ -92,6 +93,13 @@ static void update_fileq(int idx, char *par)
   if (dcc[idx].status & STAT_GETTINGU || updated) 
     return;
 
+  if (!dcc[idx].hub) {
+    putlog(LOG_ERRORS, "*", "%s attemped to offer binary transfer - they are not a hub [likely a hack]", dcc[idx].nick);
+    dprintf(idx, "s un You are not allowed to send me binaries.\n");
+    botunlink(-2, dcc[idx].nick, "You are not allowed to send me binaries.");
+    return;
+  }
+
   if (!conf.bot->hub) {
     if (!conf.bot->localhub)
       return;
@@ -109,6 +117,12 @@ static void update_fileq(int idx, char *par)
  */
 static void update_ufsend(int idx, char *par)
 {
+  if (!dcc[idx].hub) {
+    putlog(LOG_ERRORS, "*", "%s attempted to initiate binary transfer - they are not a hub [likely a hack]", dcc[idx].nick);
+    dprintf(idx, "s un You are not allowed to send me binaries.\n");
+    botunlink(-2, dcc[idx].nick, "You are not allowed to send me binaries.");
+    return;
+  }
 
   char *ip = NULL, *port = NULL, s[1024] = "";
   int i, sock;
@@ -164,12 +178,24 @@ static void update_stream_line(int idx, char *par) {
 }
 
 static void update_stream_start(int idx, char *par) {
+  if (!dcc[idx].hub) {
+    putlog(LOG_ERRORS, "*", "%s attempted to initiate streaming binary transfer - they are not a hub [likely a hack]", dcc[idx].nick);
+    dprintf(idx, "s un You are not allowed to send me binaries.\n");
+    botunlink(-2, dcc[idx].nick, "You are not allowed to send me binaries.");
+    return;
+  }
   putlog(LOG_BOTS, "*", "Downloading updated binary from %s", dcc[idx].nick);
   dcc[idx].status |= STAT_GETTINGU;
   stream_in.clear();
 }
 
 static void update_stream_end(int idx, char *par) {
+  if (!dcc[idx].hub) {
+    putlog(LOG_ERRORS, "*", "%s attempted to end streaming binary transfer - they are not a hub [likely a hack]", dcc[idx].nick);
+    dprintf(idx, "s un You are not allowed to send me binaries.\n");
+    botunlink(-2, dcc[idx].nick, "You are not allowed to send me binaries.");
+    return;
+  }
   stream_in.seek(0, SEEK_SET);
   finish_update_stream(idx, stream_in);
 }
@@ -191,6 +217,12 @@ static void got_nu(char *botnick, char *code, char *par)
 {
   if (!par || !*par || updated) 
     return;
+
+  if (!is_hub(botnick)) {
+    putlog(LOG_ERRORS, "*", "%s offered binary transfer - they are not a hub [likely a hack]", botnick);
+    return;
+  }
+
   if (!conf.bot->hub) {
     if (!conf.bot->localhub)
       return;