commit 98493077a2d044aa08ee5cb4bd7054579e30fb57
from: Alexander Barton <alex@barton.de>
date: Fri Jan 06 16:27:29 2012 UTC

channel modes: only handle MAX_CMODES_ARG modes with arguments

Limit the MODE command to handle a maximum of MAX_CMODES_ARG (5) channel
modes that require an argument (+Ibkl) per call.

Please note: Further modes that require arguments are silently ignored
and end the handling of any further modes.
This is similar to the behavior of ircd2.11 (silently ignores but seems
to handle other modes) as well as ircd-seven (silently ignores but handles
some(!) other modes) ...

commit - 1fa2af5b3a95cad24c3e8b56ee7e57aa5084bfdb
commit + 98493077a2d044aa08ee5cb4bd7054579e30fb57
blob - 4bcb6aff8ce295ce9c39076cca0b9e0929e0aa2e
blob + b894dbc7beffef50138c2a96ea9afb80fdd2d4cd
--- src/ngircd/defines.h
+++ src/ngircd/defines.h
@@ -1,6 +1,6 @@
 /*
  * ngIRCd -- The Next Generation IRC Daemon
- * Copyright (c)2001-2010 Alexander Barton (alex@barton.de)
+ * Copyright (c)2001-2012 Alexander Barton (alex@barton.de)
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -32,6 +32,9 @@
 #define MAX_WHOWAS 64			/* Max. number of WHOWAS items */
 #define DEFAULT_WHOWAS 5		/* default count for WHOWAS command */
 
+#define MAX_CMODES_ARG 5		/* Max. number of channel modes with
+					 * arguments per MODE command */
+
 #define CONNECTION_POOL 100		/* Size of default connection pool */
 
 #define CLIENT_ID_LEN 64		/* Max. length of an IRC ID; see RFC
blob - 01f87621a6d670df9b7973528d3892b3672caee4
blob + 9afe90780188ba1941874d9796427323af852816
--- src/ngircd/irc-mode.c
+++ src/ngircd/irc-mode.c
@@ -375,7 +375,7 @@ Channel_Mode(CLIENT *Client, REQUEST *Req, CLIENT *Ori
 	char the_modes[COMMAND_LEN], the_args[COMMAND_LEN], x[2],
 	    argadd[CLIENT_PASS_LEN], *mode_ptr;
 	bool connected, set, skiponce, retval, onchannel, modeok, use_servermode;
-	int mode_arg, arg_arg;
+	int mode_arg, arg_arg, mode_arg_count = 0;
 	CLIENT *client;
 	long l;
 	size_t len;
@@ -491,6 +491,8 @@ Channel_Mode(CLIENT *Client, REQUEST *Req, CLIENT *Ori
 					Client_ID(Origin), Channel_Name(Channel));
 			break;
 		case 'k': /* Channel key */
+			if (mode_arg_count++ >= MAX_CMODES_ARG)
+				break;
 			if (!set) {
 				if (modeok)
 					x[0] = *mode_ptr;
@@ -525,6 +527,8 @@ Channel_Mode(CLIENT *Client, REQUEST *Req, CLIENT *Ori
 			}
 			break;
 		case 'l': /* Member limit */
+			if (mode_arg_count++ >= MAX_CMODES_ARG)
+				break;
 			if (!set) {
 				if (modeok)
 					x[0] = *mode_ptr;
@@ -635,6 +639,8 @@ Channel_Mode(CLIENT *Client, REQUEST *Req, CLIENT *Ori
 		/* --- Channel lists --- */
 		case 'I': /* Invite lists */
 		case 'b': /* Ban lists */
+			if (mode_arg_count++ >= MAX_CMODES_ARG)
+				break;
 			if (arg_arg > mode_arg) {
 				/* modify list */
 				if (modeok) {