X-Git-Url: https://jfr.im/git/solanum.git/blobdiff_plain/02eca3f19a01a0fb55fdb65b83f3ec8fd9d7ad5f..b2c208be091670e3c5259eba77187bae6ac6eece:/modules/m_who.c

diff --git a/modules/m_who.c b/modules/m_who.c
index 2175fcc5..8bb05afe 100644
--- a/modules/m_who.c
+++ b/modules/m_who.c
@@ -40,6 +40,7 @@
 #include "modules.h"
 #include "packet.h"
 #include "s_newconf.h"
+#include "ratelimit.h"
 
 #define FIELD_CHANNEL    0x0001
 #define FIELD_HOP        0x0002
@@ -84,7 +85,6 @@ static void do_who(struct Client *source_p,
 
 /*
 ** m_who
-**      parv[0] = sender prefix
 **      parv[1] = nickname mask list
 **      parv[2] = additional selection flag and format options
 */
@@ -102,6 +102,7 @@ m_who(struct Client *client_p, struct Client *source_p, int parc, const char *pa
 	int operspy = 0;
 	struct who_format fmt;
 	const char *s;
+	char maskcopy[512];
 
 	fmt.fields = 0;
 	fmt.querytype = NULL;
@@ -137,7 +138,8 @@ m_who(struct Client *client_p, struct Client *source_p, int parc, const char *pa
 			fmt.querytype = "0";
 	}
 
-	mask = LOCAL_COPY(parv[1]);
+	rb_strlcpy(maskcopy, parv[1], sizeof maskcopy);
+	mask = maskcopy;
 
 	collapse(mask);
 
@@ -176,8 +178,18 @@ m_who(struct Client *client_p, struct Client *source_p, int parc, const char *pa
 	{
 		/* List all users on a given channel */
 		chptr = find_channel(parv[1] + operspy);
+
 		if(chptr != NULL)
 		{
+			if (!IsOper(source_p) && !ratelimit_client_who(source_p, rb_dlink_list_length(&chptr->members)/50))
+			{
+				sendto_one(source_p, form_str(RPL_LOAD2HI),
+						me.name, source_p->name, "WHO");
+				sendto_one(source_p, form_str(RPL_ENDOFWHO),
+					   me.name, source_p->name, "*");
+				return 0;
+			}
+
 			if(operspy)
 				report_operspy(source_p, "WHO", chptr->chname);
 
@@ -186,6 +198,7 @@ m_who(struct Client *client_p, struct Client *source_p, int parc, const char *pa
 			else if(!SecretChannel(chptr))
 				do_who_on_channel(source_p, chptr, server_oper, NO, &fmt);
 		}
+
 		sendto_one(source_p, form_str(RPL_ENDOFWHO),
 			   me.name, source_p->name, parv[1] + operspy);
 		return 0;
@@ -232,7 +245,7 @@ m_who(struct Client *client_p, struct Client *source_p, int parc, const char *pa
 	/* it has to be a global who at this point, limit it */
 	if(!IsOper(source_p))
 	{
-		if((last_used + ConfigFileEntry.pace_wait) > rb_current_time())
+		if((last_used + ConfigFileEntry.pace_wait) > rb_current_time() || !ratelimit_client(source_p, 1))
 		{
 			sendto_one(source_p, form_str(RPL_LOAD2HI),
 					me.name, source_p->name, "WHO");
@@ -421,6 +434,31 @@ do_who_on_channel(struct Client *source_p, struct Channel *chptr,
 	}
 }
 
+/*
+ * append_format
+ *
+ * inputs	- pointer to buffer
+ *		- size of buffer
+ *		- pointer to position
+ *		- format string
+ *		- arguments for format
+ * output	- NONE
+ * side effects - position incremented, possibly beyond size of buffer
+ *		  this allows detecting overflow
+ */
+static void
+append_format(char *buf, size_t bufsize, size_t *pos, const char *fmt, ...)
+{
+	size_t max, result;
+	va_list ap;
+
+	max = *pos >= bufsize ? 0 : bufsize - *pos;
+	va_start(ap, fmt);
+	result = rb_vsnprintf(buf + *pos, max, fmt, ap);
+	va_end(ap);
+	*pos += result;
+}
+
 /*
  * do_who
  *
@@ -435,8 +473,9 @@ do_who_on_channel(struct Client *source_p, struct Channel *chptr,
 static void
 do_who(struct Client *source_p, struct Client *target_p, struct membership *msptr, struct who_format *fmt)
 {
-	char status[5];
-	char str[512], *p, *end;
+	char status[16];
+	char str[510 + 1]; /* linebuf.c will add \r\n */
+	size_t pos;
 	const char *q;
 
 	rb_sprintf(status, "%c%s%s",
@@ -447,38 +486,39 @@ do_who(struct Client *source_p, struct Client *target_p, struct membership *mspt
 			   source_p->name, msptr ? msptr->chptr->chname : "*",
 			   target_p->username, target_p->host,
 			   target_p->servptr->name, target_p->name, status,
-			   ConfigServerHide.flatten_links ? 0 : target_p->hopcount, 
+			   ConfigServerHide.flatten_links && !IsOper(source_p) && !IsExemptShide(source_p) ? 0 : target_p->hopcount, 
 			   target_p->info);
 	else
 	{
 		str[0] = '\0';
-		p = str;
-		end = str + sizeof str;
+		pos = 0;
+		append_format(str, sizeof str, &pos, ":%s %d %s",
+				me.name, RPL_WHOSPCRPL, source_p->name);
 		if (fmt->fields & FIELD_QUERYTYPE)
-			p += rb_snprintf(p, end - p, " %s", fmt->querytype);
+			append_format(str, sizeof str, &pos, " %s", fmt->querytype);
 		if (fmt->fields & FIELD_CHANNEL)
-			p += rb_snprintf(p, end - p, " %s", msptr ? msptr->chptr->chname : "*");
+			append_format(str, sizeof str, &pos, " %s", msptr ? msptr->chptr->chname : "*");
 		if (fmt->fields & FIELD_USER)
-			p += rb_snprintf(p, end - p, " %s", target_p->username);
+			append_format(str, sizeof str, &pos, " %s", target_p->username);
 		if (fmt->fields & FIELD_IP)
 		{
 			if (show_ip(source_p, target_p) && !EmptyString(target_p->sockhost) && strcmp(target_p->sockhost, "0"))
-				p += rb_snprintf(p, end - p, " %s", target_p->sockhost);
+				append_format(str, sizeof str, &pos, " %s", target_p->sockhost);
 			else
-				p += rb_snprintf(p, end - p, " %s", "255.255.255.255");
+				append_format(str, sizeof str, &pos, " %s", "255.255.255.255");
 		}
 		if (fmt->fields & FIELD_HOST)
-			p += rb_snprintf(p, end - p, " %s", target_p->host);
+			append_format(str, sizeof str, &pos, " %s", target_p->host);
 		if (fmt->fields & FIELD_SERVER)
-			p += rb_snprintf(p, end - p, " %s", target_p->servptr->name);
+			append_format(str, sizeof str, &pos, " %s", target_p->servptr->name);
 		if (fmt->fields & FIELD_NICK)
-			p += rb_snprintf(p, end - p, " %s", target_p->name);
+			append_format(str, sizeof str, &pos, " %s", target_p->name);
 		if (fmt->fields & FIELD_FLAGS)
-			p += rb_snprintf(p, end - p, " %s", status);
+			append_format(str, sizeof str, &pos, " %s", status);
 		if (fmt->fields & FIELD_HOP)
-			p += rb_snprintf(p, end - p, " %d", ConfigServerHide.flatten_links ? 0 : target_p->hopcount);
+			append_format(str, sizeof str, &pos, " %d", ConfigServerHide.flatten_links && !IsOper(source_p) && !IsExemptShide(source_p) ? 0 : target_p->hopcount);
 		if (fmt->fields & FIELD_IDLE)
-			p += rb_snprintf(p, end - p, " %d", MyClient(target_p) ? rb_current_time() - target_p->localClient->last : 0);
+			append_format(str, sizeof str, &pos, " %d", (int)(MyClient(target_p) ? rb_current_time() - target_p->localClient->last : 0));
 		if (fmt->fields & FIELD_ACCOUNT)
 		{
 			/* display as in whois */
@@ -492,12 +532,22 @@ do_who(struct Client *source_p, struct Client *target_p, struct membership *mspt
 			}
 			else
 				q = "0";
-			p += rb_snprintf(p, end - p, " %s", q);
+			append_format(str, sizeof str, &pos, " %s", q);
 		}
 		if (fmt->fields & FIELD_OPLEVEL)
-			p += rb_snprintf(p, end - p, " %s", is_chanop(msptr) ? "999" : "n/a");
+			append_format(str, sizeof str, &pos, " %s", is_chanop(msptr) ? "999" : "n/a");
 		if (fmt->fields & FIELD_INFO)
-			p += rb_snprintf(p, end - p, " :%s", target_p->info);
-		sendto_one_numeric(source_p, RPL_WHOSPCRPL, "%s", str + 1);
+			append_format(str, sizeof str, &pos, " :%s", target_p->info);
+
+		if (pos >= sizeof str)
+		{
+			static int warned = 0;
+			if (!warned)
+				sendto_realops_snomask(SNO_DEBUG, L_NETWIDE,
+						"WHOX overflow while sending information about %s to %s",
+						target_p->name, source_p->name);
+			warned = 1;
+		}
+		sendto_one(source_p, "%s", str);
 	}
 }