From bcc567f2559058f38ca8ffecf7ef4428483cb540 Mon Sep 17 00:00:00 2001
From: Marcus Eggenberger
Date: Sat, 25 Oct 2008 16:39:07 +0200
Subject: [PATCH] Implementing ctcp level quoting and ctcp low level quoting. This fixes a crucial security issue. Upgrading is strongly recommended!
---
 src/core/ctcphandler.cpp | 30 ++++++++++++++++++++++++------
 src/core/ctcphandler.h | 4 +++-
 2 files changed, 27 insertions(+), 7 deletions(-)
diff --git a/src/core/ctcphandler.cpp b/src/core/ctcphandler.cpp
index 420693ab..ec21f4cc 100644
--- a/src/core/ctcphandler.cpp
+++ b/src/core/ctcphandler.cpp
@@ -40,7 +40,17 @@ CtcpHandler::CtcpHandler(NetworkConnection *parent)
 ctcpXDelimDequoteHash[XQUOTE + QByteArray("a")] = XDELIM;
 }
-QByteArray CtcpHandler::dequote(const QByteArray &message) {
+QByteArray CtcpHandler::lowLevelQuote(const QByteArray &message) {
+ QByteArray quotedMessage = message;
+ QHash::const_iterator quoteIter = ctcpMDequoteHash.constBegin();
+ while(quoteIter != ctcpMDequoteHash.constEnd()) {
+ quotedMessage.replace(quoteIter.value(), quoteIter.key());
+ quoteIter++;
+ }
+ return quotedMessage;
+}
+
+QByteArray CtcpHandler::lowLevelDequote(const QByteArray &message) {
 QByteArray dequotedMessage;
 QByteArray messagepart;
 QHash::iterator ctcpquote;
@@ -62,6 +72,15 @@ QByteArray CtcpHandler::dequote(const QByteArray &message) {
 return dequotedMessage;
 }
+QByteArray CtcpHandler::xdelimQuote(const QByteArray &message) {
+ QByteArray quotedMessage = message;
+ QHash::const_iterator quoteIter = ctcpXDelimDequoteHash.constBegin();
+ while(quoteIter != ctcpXDelimDequoteHash.constEnd()) {
+ quotedMessage.replace(quoteIter.value(), quoteIter.key());
+ quoteIter++;
+ }
+ return quotedMessage;
+}
 QByteArray CtcpHandler::xdelimDequote(const QByteArray &message) {
 QByteArray dequotedMessage;
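Review bot: lowLevelQuote applies its replacements in QHash iteration order, which is unspecified, so the pass that doubles the quote character can run after another pass has already inserted that character and escape it a second time. The raw bytes are still removed, but the result no longer round-trips through lowLevelDequote; this assumes ctcpMDequoteHash holds an entry mapping the doubled quote character to the quote character, which is set up outside the hunk. Escape the quote character first and skip its entry inside the loop, e.g. `quotedMessage.replace(quoteChar, quoteChar + quoteChar);` before the `while` (quoteChar is a placeholder for the low-level quote byte, whose name is not visible here). xdelimQuote in the following hunk has the same ordering dependency on XQUOTE and needs the same change.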
@@ -88,7 +107,7 @@ void CtcpHandler::parse(Message::Type messageType, const QString &prefix, const
 QByteArray ctcp; //lowlevel message dequote
- QByteArray dequotedMessage = dequote(message);
+ QByteArray dequotedMessage = lowLevelDequote(message);
 CtcpType ctcptype = messageType == Message::Notice ? CtcpReply
@@ -135,19 +154,18 @@ void CtcpHandler::parse(Message::Type messageType, const QString &prefix, const
 }
 QByteArray CtcpHandler::pack(const QByteArray &ctcpTag, const QByteArray &message) {
- return XDELIM + ctcpTag + ' ' + message + XDELIM;
+ return XDELIM + ctcpTag + ' ' + xdelimQuote(message) + XDELIM;
 }
-// TODO handle encodings correctly!
 void CtcpHandler::query(const QString &bufname, const QString &ctcpTag, const QString &message) {
 QList params;
- params << serverEncode(bufname) << pack(serverEncode(ctcpTag), userEncode(bufname, message));
+ params << serverEncode(bufname) << lowLevelQuote(pack(serverEncode(ctcpTag), userEncode(bufname, message)));
 emit putCmd("PRIVMSG", params);
 }
 void CtcpHandler::reply(const QString &bufname, const QString &ctcpTag, const QString &message) {
 QList params;
- params << serverEncode(bufname) << pack(serverEncode(ctcpTag), userEncode(bufname, message));
+ params << serverEncode(bufname) << lowLevelQuote(pack(serverEncode(ctcpTag), userEncode(bufname, message)));
 emit putCmd("NOTICE", params);
 }
diff --git a/src/core/ctcphandler.h b/src/core/ctcphandler.h
index aa42bf9c..cac2f565 100644
--- a/src/core/ctcphandler.h
+++ b/src/core/ctcphandler.h
@@ -36,7 +36,9 @@ public:
 void parse(Message::Type, const QString &prefix, const QString &target, const QByteArray &message);
- QByteArray dequote(const QByteArray &);
+ QByteArray lowLevelQuote(const QByteArray &);
+ QByteArray lowLevelDequote(const QByteArray &);
+ QByteArray xdelimQuote(const QByteArray &);
 QByteArray xdelimDequote(const QByteArray &);
 QByteArray pack(const QByteArray &ctcpTag, const QByteArray &message);
--
2.20.1
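Review bot: pack() passes only `message` through xdelimQuote, so a `ctcpTag` that contains the delimiter or the X-quote character is still written unescaped between the two XDELIM bytes and can close the CTCP frame early. Whether callers of query() and reply() can supply such a tag is not visible in this hunk. Quoting the whole payload would close the gap: `return XDELIM + xdelimQuote(ctcpTag + ' ' + message) + XDELIM;`. That is only correct if parse() dequotes the payload before it splits off the tag, so the receive path, which lies outside the hunk, should be checked before adopting it.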
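Review bot: The quoting helpers are declared with unnamed parameters and no comment saying which layer each one handles or in what order they must be applied, and getting that order wrong silently produces mis-escaped messages. The .cpp hunks show the send side calling xdelimQuote() inside pack() and lowLevelQuote() on the packed result, and parse() calling lowLevelDequote() first. A comment above the declarations would record that, e.g. `// Send: xdelimQuote() the payload, then lowLevelQuote() the packed message. Receive: lowLevelDequote() first, then xdelimDequote().`, and naming the parameter `message` as in the definitions would match pack().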