From b59f9abd1a26ef83b0d2496a1170ba498ada8955 Mon Sep 17 00:00:00 2001 From: Richard Hitt Date: Tue, 13 Nov 2012 12:06:35 -0800 Subject: Limit url-grabbing to NOTICE, PRIVMSG, TOPIC, 332 (RPL_TOPIC), 372 (RPL_MOTD) --- src/common/server.c | 2 ++ src/common/url.c | 44 +++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 45 insertions(+), 1 deletion(-) diff --git a/src/common/server.c b/src/common/server.c index dbfdcdd8..3e694c43 100644 --- a/src/common/server.c +++ b/src/common/server.c @@ -157,6 +157,8 @@ server_send_real (server *serv, char *buf, int len) { fe_add_rawlog (serv, buf, len, TRUE); + url_check_line (buf, len); + return tcp_send_real (serv->ssl, serv->sok, serv->encoding, serv->using_irc, buf, len); } diff --git a/src/common/url.c b/src/common/url.c index 0a4c3609..52e37daa 100644 --- a/src/common/url.c +++ b/src/common/url.c @@ -331,12 +331,53 @@ url_check_word (const char *word, int len) return 0; } +/* List of IRC commands for which contents (and thus possible URLs) + * are visible to the user. NOTE: Trailing blank required in each. */ +static char *commands[] = { + "NOTICE ", + "PRIVMSG ", + "TOPIC ", + "332 ", /* RPL_TOPIC */ + "372 " /* RPL_MOTD */ +}; + +#define ARRAY_SIZE(a) (sizeof (a) / sizeof ((a)[0])) + void url_check_line (char *buf, int len) { char *po = buf; char *start; - int wlen; + int i, wlen; + + /* Skip over message prefix */ + if (*po == ':') + { + po = strchr (po, ' '); + if (!po) + return; + po++; + } + /* Allow only commands from the above list */ + for (i = 0; i < ARRAY_SIZE (commands); i++) + { + char *cmd = commands[i]; + int len = strlen (cmd); + + if (strncmp (cmd, po, len) == 0) + { + po += len; + break; + } + } + if (i == ARRAY_SIZE (commands)) + return; + + /* Skip past the channel name or user nick */ + po = strchr (po, ' '); + if (!po) + return; + po++; if (buf[0] == ':' && buf[1] != 0) po++; @@ -350,6 +391,7 @@ url_check_line (char *buf, int len) { case 0: case ' ': + case '\r': wlen = po - start; if (wlen > 2) -- cgit 1.4.1