Check IP/mask validity in CLONES ADDEXEMPT

Renegade334 · Renegade334 · commit f9e6e9f3e6e2 · 2014-12-16T14:40:56.000Z
diff --git a/include/tools.h b/include/tools.h
@@ -27,6 +27,9 @@ E void arc4random_addrandom(unsigned char *dat, int datlen);
 E unsigned int arc4random(void);
 #endif /* !HAVE_ARC4RANDOM */
 
+/* cidr.c */
+E int valid_ip_or_mask(const char *src);
+
 typedef enum {
 	LOG_ANY = 0,
 	LOG_INTERACTIVE = 1, /* IRC channels */
diff --git a/libathemecore/cidr.c b/libathemecore/cidr.c
@@ -368,6 +368,52 @@ match_cidr(const char *s1, const char *s2)
 		return 1;
 }
 
+int valid_ip_or_mask(const char *src)
+{
+	char ipaddr[IN6ADDRSZ], buf[IN6ADDRSZ];
+	char *mask;
+
+	mowgli_strlcpy(ipaddr, src, sizeof ipaddr);
+
+	int is_ipv6 = (strchr(ipaddr, ':') != NULL);
+
+	if (mask = strchr(ipaddr, '/'))
+	{
+		*mask++ = '\0';
+
+		/* Multiple slashes */
+		if (strchr(mask, '/'))
+			return 0;
+
+		/* Trailing slash */
+		if (!strlen(mask))
+			return 0;
+
+		int i;
+		for (i = 0; i < strlen(mask); i++)
+		{
+			if (!isdigit(*(mask + i)))
+				return 0;
+		}
+
+		if (is_ipv6)
+		{
+			if (atoi(mask) > 128)
+				return 0;
+		}
+		else
+		{
+			if (atoi(mask) > 32)
+				return 0;
+		}
+	}
+
+	if (is_ipv6)
+		return inet_pton6(ipaddr, buf);
+	else
+		return inet_pton4(ipaddr, buf);
+}
+
 /* vim:cinoptions=>s,e0,n0,f0,{0,}0,^0,=s,ps,t0,c3,+s,(2s,us,)20,*30,gs,hs
  * vim:ts=8
  * vim:sw=8
diff --git a/modules/operserv/clones.c b/modules/operserv/clones.c
@@ -450,6 +450,13 @@ static void os_cmd_clones_addexempt(sourceinfo_t *si, int parc, char *parv[])
 		return;
 	}
 
+	if (!valid_ip_or_mask(ip))
+	{
+		command_fail(si, fault_badparams, _("Invalid IP/mask given."));
+		command_fail(si, fault_badparams, _("Syntax: CLONES ADDEXEMPT <ip> <clones> [!P|!T <minutes>] <reason>"));
+		return;
+	}
+
 	clones = atoi(clonesstr);
 
 	if (expiry && !strcasecmp(expiry, "!P"))
