Fix a privilege escalation exploit on InspIRCd with m_autoop.

author: Peter Powell <petpow@saberuk.com> 2016-02-10 08:35:34 +0000
committer: Peter Powell <petpow@saberuk.com> 2016-02-10 08:56:23 +0000
commit: 9c17c2d818a363321e61689b4eb932034969bb99 (patch)
tree: f040ecd99221482d3dece45c8b6ac07f64127918 /modules/protocol
parent: dd9fcca45d0e333f2727112f8cee26f7bd873cd9 (diff)
1 files changed, 17 insertions, 0 deletions
diff --git a/modules/protocol/inspircd20.cpp b/modules/protocol/inspircd20.cpp
index 677014685..c54cfe184 100644
--- a/modules/protocol/inspircd20.cpp
+++ b/modules/protocol/inspircd20.cpp
@@ -77,6 +77,21 @@ class InspIRCd20Proto : public IRCDProto
 	bool IsIdentValid(const Anope::string &ident) anope_override { return insp12->IsIdentValid(ident); }
 };
 
+class InspIRCdAutoOpMode : public ChannelModeList
+{
+ public:
+	InspIRCdAutoOpMode(char mode) : ChannelModeList("AUTOOP", mode)
+	{
+	}
+
+	bool IsValid(Anope::string &mask) const anope_override
+	{
+		// We can not validate this because we don't know about the
+		// privileges of the setter so just reject attempts to set it.
+		return false;
+	}
+};
+
 class InspIRCdExtBan : public ChannelModeVirtual<ChannelModeList>
 {
 	char ext;
@@ -395,6 +410,8 @@ struct IRCDMessageCapab : Message::Capab
 				}
 				else if (modename.equals_cs("auditorium"))
 					cm = new ChannelMode("AUDITORIUM", modechar[0]);
+				else if (modename.equals_cs("autoop"))
+					cm = new InspIRCdAutoOpMode(modechar[0]);
 				else if (modename.equals_cs("ban"))
 					cm = new ChannelModeList("BAN", modechar[0]);
 				else if (modename.equals_cs("banexception"))
author	Peter Powell <petpow@saberuk.com>	2016-02-10 08:35:34 +0000
committer	Peter Powell <petpow@saberuk.com>	2016-02-10 08:56:23 +0000
commit	9c17c2d818a363321e61689b4eb932034969bb99 (patch)
tree	f040ecd99221482d3dece45c8b6ac07f64127918 /modules/protocol
parent	dd9fcca45d0e333f2727112f8cee26f7bd873cd9 (diff)