X-Git-Url: https://jfr.im/git/irc/rqf/shadowircd.git/blobdiff_plain/18395f4fa8e0ddbdf9ee9f4187f1b864728b562a..ffa772f3d4993ba75eea3cc9958bc1703d49d3d3:/extensions/ip_cloaking.c diff --git a/extensions/ip_cloaking.c b/extensions/ip_cloaking.c index c85059b..035913e 100644 --- a/extensions/ip_cloaking.c +++ b/extensions/ip_cloaking.c @@ -6,6 +6,7 @@ #include "client.h" #include "ircd.h" #include "send.h" +#include "hash.h" #include "s_conf.h" #include "s_user.h" #include "s_serv.h" @@ -65,40 +66,54 @@ distribute_hostchange(struct Client *client) ClearDynSpoof(client); } -#define HOSTLEN 63 - static void do_host_cloak_ip(const char *inbuf, char *outbuf) { + /* None of the characters in this table can be valid in an IP */ + char chartable[] = "ghijklmnopqrstuvwxyz"; char *tptr; - unsigned int accum = fnv_hash(inbuf, 32); - char buf[HOSTLEN]; + uint32_t accum = fnv_hash((const unsigned char*) inbuf, 32); + int sepcount = 0; + int totalcount = 0; int ipv6 = 0; - strncpy(buf, inbuf, HOSTLEN); - tptr = strrchr(buf, '.'); + rb_strlcpy(outbuf, inbuf, HOSTLEN + 1); - if (tptr == NULL) + if (strchr(outbuf, ':')) { - tptr = strrchr(buf, ':'); ipv6 = 1; + + /* Damn you IPv6... + * We count the number of colons so we can calculate how much + * of the host to cloak. This is because some hostmasks may not + * have as many octets as we'd like. + * + * We have to do this ahead of time because doing this during + * the actual cloaking would get ugly + */ + for (tptr = outbuf; *tptr != '\0'; tptr++) + if (*tptr == ':') + totalcount++; } + else if (!strchr(outbuf, '.')) + return; - if (tptr == NULL) + for (tptr = outbuf; *tptr != '\0'; tptr++) { - strncpy(outbuf, inbuf, HOSTLEN); - return; - } + if (*tptr == ':' || *tptr == '.') + { + sepcount++; + continue; + } - *tptr++ = '\0'; + if (ipv6 && sepcount < totalcount / 2) + continue; - if(ipv6) - { - snprintf(outbuf, HOSTLEN, "%s:%x", buf, accum); - } - else - { - snprintf(outbuf, HOSTLEN, "%s.%x", buf, accum); + if (!ipv6 && sepcount < 2) + continue; + + *tptr = chartable[(*tptr + accum) % 20]; + accum = (accum << 1) | (accum >> 31); } } @@ -107,12 +122,12 @@ do_host_cloak_host(const char *inbuf, char *outbuf) { char b26_alphabet[] = "abcdefghijklmnopqrstuvwxyz"; char *tptr; - unsigned int accum = fnv_hash(inbuf, 32); + uint32_t accum = fnv_hash((const unsigned char*) inbuf, 32); - strncpy(outbuf, inbuf, HOSTLEN); + rb_strlcpy(outbuf, inbuf, HOSTLEN + 1); /* pass 1: scramble first section of hostname using base26 - * alphabet toasted against the weighted entropy of the string. + * alphabet toasted against the FNV hash of the string. * * numbers are not changed at this time, only letters. */ @@ -124,16 +139,19 @@ do_host_cloak_host(const char *inbuf, char *outbuf) if (isdigit(*tptr) || *tptr == '-') continue; - *tptr = b26_alphabet[(*tptr * accum) % 26]; + *tptr = b26_alphabet[(*tptr + accum) % 26]; + + /* Rotate one bit to avoid all digits being turned odd or even */ + accum = (accum << 1) | (accum >> 31); } /* pass 2: scramble each number in the address */ for (tptr = outbuf; *tptr != '\0'; tptr++) { if (isdigit(*tptr)) - { - *tptr = 48 + ((*tptr * accum) % 10); - } + *tptr = '0' + (*tptr + accum) % 10; + + accum = (accum << 1) | (accum >> 31); } } @@ -159,7 +177,7 @@ check_umode_change(void *vdata) } if (strcmp(source_p->host, source_p->localClient->mangledhost)) { - rb_strlcpy(source_p->host, source_p->localClient->mangledhost, HOSTLEN); + rb_strlcpy(source_p->host, source_p->localClient->mangledhost, HOSTLEN + 1); distribute_hostchange(source_p); } else /* not really nice, but we need to send this numeric here */ @@ -171,7 +189,7 @@ check_umode_change(void *vdata) if (source_p->localClient->mangledhost != NULL && !strcmp(source_p->host, source_p->localClient->mangledhost)) { - rb_strlcpy(source_p->host, source_p->orighost, HOSTLEN); + rb_strlcpy(source_p->host, source_p->orighost, HOSTLEN + 1); distribute_hostchange(source_p); } } @@ -187,7 +205,7 @@ check_new_user(void *vdata) source_p->umodes &= ~user_modes['h']; return; } - source_p->localClient->mangledhost = rb_malloc(HOSTLEN); + source_p->localClient->mangledhost = rb_malloc(HOSTLEN + 1); if (!irccmp(source_p->orighost, source_p->sockhost)) do_host_cloak_ip(source_p->orighost, source_p->localClient->mangledhost); else