make vhost "looks like a CIDR" check more precise

atheme · Feb 21, 2024 · 955cbd8 · 955cbd8
1 parent 7e3a2fe
commit 955cbd8
Showing 1 changed file with 8 additions and 3 deletions.
diff --git a/libathemecore/services.c b/libathemecore/services.c
@@ -1228,7 +1228,7 @@ verbose_wallops(const char *fmt, ...)
 bool
 check_vhost_validity(struct sourceinfo *si, const char *host)
 {
-	const char *p;
+	const char *p, *p2;
 
 	/* Never ever allow @!?* as they have special meaning in all ircds */
 	/* Empty, space anywhere and colon at the start break the protocol */
@@ -1246,8 +1246,13 @@ check_vhost_validity(struct sourceinfo *si, const char *host)
 		command_fail(si, fault_badparams, _("The vhost provided is too long."));
 		return false;
 	}
-	p = strrchr(host, '/');
-	if (p != NULL && isdigit((unsigned char)p[1]))
+	p = p2 = strrchr(host, '/');
+	// walk the vhost until we hit either the end or a non-digit
+	while (p != NULL && isdigit((unsigned char)p[1]))
+		p++;
+	// if we found a /, and are now at the end of the vhost, that
+	// means we found no non-digits, so it looks too much like a CIDR
+	if (p == NULL && p2 != NULL)
 	{
 		command_fail(si, fault_badparams, _("The vhost provided looks like a CIDR mask."));
 		return false;