From 34618f8ea69cc3d566e23a3ed8a3c0020826ead4 Mon Sep 17 00:00:00 2001
From: Luke Bratch
Date: Sat, 18 May 2019 23:05:43 +0100
Subject: Check authentication status of client as early as possible when receiving its commands to avoid unnecessary processing.

---
 blabouncer.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/blabouncer.c b/blabouncer.c
index ae62487..a69ec71 100644
--- a/blabouncer.c
+++ b/blabouncer.c
@@ -4,7 +4,6 @@
 // - Get CAP from server and relay to client
 // - Keep track of changing user modes in channels
 // - Should replay log do more than PRIVMSGs?
-// - Check authentication before even getting to the send functions to save unnecessary processing
 // - Configurable auto channels
 // - Comma separated channel list in JOINs/PARTs
 // - Perhaps rename clients.ssl and server_ssl since they may not even be OpenSSL sockets
@@ -1028,6 +1027,14 @@ int processircmessage(SSL *server_ssl, char *str, int source, struct client *cli
 return 1;
 }
 
+ // We're past PASS in the list of possible commands, so ignore
+ // anything else the client says if they are not authenticated yet.
+ if (!clients[arrindex(clients, sourcefd)].authed) {
+ printf("Ignoring client command '%s' from sourcefd '%d' as not authenticated yet.\n", tokens[0], sourcefd);
+ free(strcopyPtr);
+ return 1;
+ }
+
 // USER received? If so, assume this is a new client connecting and catch them on up on the state
 if (strncmp(tokens[0], "USER", strlen(tokens[0])) == 0) {
 // Somewhere to store the several strings we will need to build and send
--
cgit v1.2.3
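Review bot: The new `printf` in the not-authenticated branch writes `tokens[0]` to stdout once per ignored command, and those bytes are chosen by a peer that has not yet supplied a password, so an unauthenticated client can grow the log without bound and may be able to place control characters in it. Logging only the descriptor would avoid both, e.g. `printf("Ignoring client command from sourcefd '%d' as not authenticated yet.\n", sourcefd);`, or else escape non-printable bytes and cap the logged length first. Separately, the result of `arrindex(clients, sourcefd)` is used as an index without a check; that helper is defined outside this hunk, so if it can return a not-found value the `.authed` read would be out of bounds and the index should be validated before the lookup. processircmessage begins and ends outside the hunk.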