diff options
author | Test_User <hax@andrewyu.org> | 2024-05-06 07:17:17 -0400 |
---|---|---|
committer | Test_User <hax@andrewyu.org> | 2024-05-06 07:17:17 -0400 |
commit | cd01eeadcbf5e5e1c81244b69b5c9079a3b58675 (patch) | |
tree | b7ea9ebb130ec6b5ca88954cd4c377eaba2816d4 | |
parent | 73e340fff91d0bea73048556367ae7b42e42bc78 (diff) | |
download | coupserv-cd01eeadcbf5e5e1c81244b69b5c9079a3b58675.tar.gz coupserv-cd01eeadcbf5e5e1c81244b69b5c9079a3b58675.zip |
multi-haxserv priv escalation fixed
Diffstat (limited to '')
-rw-r--r-- | client_network.c | 11 | ||||
-rw-r--r-- | server_network.c | 8 |
2 files changed, 11 insertions, 8 deletions
diff --git a/client_network.c b/client_network.c index f333344..93ad1d9 100644 --- a/client_network.c +++ b/client_network.c @@ -156,10 +156,6 @@ int add_local_client(struct string uid, struct string nick_arg, struct string vh SEND(NULSTR(string_time)); SEND(STRING(" +k :")); SEND(realname); - SEND(STRING("\n:")); - SEND(uid); - SEND(STRING(" OPERTYPE ")); - SEND(opertype); SEND(STRING("\n")); if (fake_cert) { SEND(STRING(":1HC METADATA ")); @@ -168,6 +164,13 @@ int add_local_client(struct string uid, struct string nick_arg, struct string vh SEND(client_cert); SEND(STRING("\n")); } + if (!STRING_EQ(uid, STRING("1HC000000"))) { // Don't oper haxserv, because echo is unprivileged + SEND(STRING(":")); + SEND(uid); + SEND(STRING(" OPERTYPE ")); + SEND(opertype); + SEND(STRING("\n")); + } return 0; diff --git a/server_network.c b/server_network.c index 9b8e2e3..d15b96e 100644 --- a/server_network.c +++ b/server_network.c @@ -399,14 +399,14 @@ int kill_handler(struct string sender, uint64_t argc, struct string *argv) { SEND(NULSTR(nick_time)); SEND(STRING(" +k :")); SEND(user->realname); - SEND(STRING("\n:")); - SEND(argv[0]); - SEND(STRING(" OPERTYPE ")); - SEND(opertype); SEND(STRING("\n")); if (STRING_EQ(argv[0], STRING("1HC000001"))) { SEND(STRING(":1HC METADATA 1HC000001 ssl_cert :vTrse ")); SEND(client_cert); + SEND(STRING("\n:")); + SEND(argv[0]); + SEND(STRING(" OPERTYPE ")); + SEND(opertype); SEND(STRING("\n")); } |