From 6d64c164a7df175026e605798e58046441c21d7d Mon Sep 17 00:00:00 2001 From: Simon Ser Date: Thu, 8 Dec 2022 15:25:39 +0100 Subject: [PATCH] downstream: check channel name validity on JOIN Avoid storing garbage in the DB. --- downstream.go | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/downstream.go b/downstream.go index 456f347..0fe8dbe 100644 --- a/downstream.go +++ b/downstream.go @@ -231,8 +231,15 @@ func updateNetworkAttrs(record *database.Network, attrs irc.Tags, subcommand str // - '$' breaks server masks in PRIVMSG/NOTICE // - ',' breaks lists // - '.' is reserved for server names +// +// See https://modern.ircdocs.horse/#clients const illegalNickChars = " :@!*?$,." +// illegalChanChars is the list of characters forbidden in a channel name. +// +// See https://modern.ircdocs.horse/#channels +const illegalChanChars = " ,\x07" + // permanentDownstreamCaps is the list of always-supported downstream // capabilities. var permanentDownstreamCaps = map[string]string{ @@ -1808,6 +1815,14 @@ func (dc *downstreamConn) handleMessageRegistered(ctx context.Context, msg *irc. key = keys[i] } + if name == "" || strings.ContainsAny(name, illegalChanChars) { + dc.SendMessage(&irc.Message{ + Prefix: dc.srv.prefix(), + Command: irc.ERR_NOSUCHCHANNEL, + Params: []string{name, "Invalid channel name"}, + }) + continue + } if !uc.isChannel(name) { dc.SendMessage(&irc.Message{ Prefix: dc.srv.prefix(),