From 5e87cc55f948d4ed6674f6e6c2e6f9b35666c6cc Mon Sep 17 00:00:00 2001
From: pdbogen
Date: Mon, 4 Jan 2010 20:10:56 +0000
Subject: [PATCH] Fix argument counting for REGISTER and fix a vulnerability wherein an already-registered user could be re-registered with a new password.

git-svn-id: https://www.cernu.us/~pdbogen/svn/destult2@107 088b83a4-0077-4247-935c-42ec02c2848b
---
 commands.yaml | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/commands.yaml b/commands.yaml
index 8c7f463..f04ecdd 100644
--- a/commands.yaml
+++ b/commands.yaml
@@ -249,18 +249,25 @@ REGISTER: |-
 sub {
 use Digest::MD5 qw( md5_hex );
 my( $kernel, $heap, $who, $what, $src, $dest, $replypath ) = @_;
+ $what =~ s/\s+$//;
 my $nargs = ($what =~ s/ / /g);
 if( !$nargs ) {
- $nargs = 1;
+ if( $what =~ /.+/ ) {
+ $nargs = 1;
+ } else {
+ $nargs = 0;
+ }
 } else {
- $nargs++;
+ $nargs++;
 }
+
 if( $nargs < 1 || $nargs > 2 ) {
- $kernel->post( $src, $replypath, "Usage: REGISTER [] ", $dest );
+ $kernel->post( $src, $replypath, "Usage: REGISTER [] ($nargs args received)", $dest );
 return;
 }
-
+
 my( $whom, $password );
+
 if( $nargs == 1 ) {
 $password = $what;
 $whom = $who;
@@ -269,6 +276,11 @@ REGISTER: |-
 ( $whom, $password ) = split( / /, $what, 2 );
 }
 
+ if( exists( $heap->{ 'users' }->{ uc( $whom ) } ) ) {
+ $kernel->post( $src, $replypath, "Sorry, but the nick '$whom' is already registered.", $dest );
+ return;
+ }
+
 if( $password ) {
 $heap->{ 'users' }->{ uc( $whom ) } = md5_hex( $password );
 DumpFile( "users.yaml", $heap->{ 'users' } );
-- 
2.11.0
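Review bot: Only trailing whitespace is stripped before the arguments are counted in the first hunk, so a leading space or a doubled space between nick and password still skews `$nargs`. With a single leading space the count comes out as 2, the later `split( / /, $what, 2 )` yields an empty `$whom`, and the account would be stored under the empty key. Counting fields rather than spaces closes both cases and makes the `if( !$nargs )` branch unnecessary: `my @args = split( ' ', $what ); my $nargs = @args;`, with `( $whom, $password ) = @args;` in the two-argument branch. Whether the dispatcher already trims `$what` is not visible here, and the sub's body continues past the end of the hunk.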
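Review bot: The new `exists` check in the second hunk stops an existing entry from being overwritten, but in the two-argument form `$whom` still comes from the caller's text rather than from `$who`, so any caller can claim a nick that is not their own as long as it is not yet registered. If that form is meant for administrators, a privilege check belongs before the `split`; otherwise, assuming `$who` is the caller's nick, consider rejecting the request unless `uc( $whom ) eq uc( $who )`. Separately, the stored value is still an unsalted `md5_hex( $password )` written to `users.yaml`, which is cheap to brute-force if that file is ever exposed; a salted, deliberately slow password hash would be the safer choice. The sub's body continues past the end of the hunk.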