Serious bug fix. Due to a lack of checking some messages would be

treated as server notices when in fact they came from user input.
This can result in a user being able to scan any host or possibily
cause bopm to segfault.

diff --git a/src/irc.c b/src/irc.c
index 43c3fe067858e0c35a2cc5babe7e504f656eb29b..ca00d7fe15dc826eff1e3bb7955793f6ed0b0eaa 100644 (file)
--- a/src/irc.c
+++ b/src/irc.c
@@ -698,12 +698,15 @@ static void irc_parse(void)
                if (strchr(token[0], '@'))
                        return;
 
-               if (tokens >= 11 && strcmp(token[7], "connecting:") == 0)
+               if (tokens >= 11 && strcmp(token[7], "connecting:") == 0 &&
+                   strcmp(token[1], "NOTICE") == 0)
                        do_hybrid_connect(tokens, token);
-               else if (tokens >= 9 && strcmp(token[4], "connecting:") == 0)
+               else if (tokens >= 9 && strcmp(token[4], "connecting:") == 0 &&
+                   strcmp(token[1], "NOTICE") == 0)
                        do_trircd_connect(tokens, token);
                else if (tokens >= 17 && strcmp(token[8], "Client") == 0 &&
-                   strcmp(token[9], "connecting") == 0)
+                   strcmp(token[9], "connecting") == 0 &&
+                   strcmp(token[1], "NOTICE") == 0)
                        do_ultimateircd_connect(tokens, token);
        }
 }