comparison libpurple/protocols/irc/irc.c @ 31897:1a248102e437

Send * as our local hostname for the USER message at signon. This value is ignored by most servers anyway, and could disclose location information for users connecting via Tor, through VPNs, or via other proxying systems. References #8322
author Ethan Blanton <elb@pidgin.im>
date Sun, 03 Apr 2011 20:21:22 +0000
parents 7c33eaed54e5
children 6b3bc0947068 54a700cedb38
comparison
equal deleted inserted replaced
31896:0123005d0fb8 31897:1a248102e437
401 } 401 }
402 } 402 }
403 403
404 static gboolean do_login(PurpleConnection *gc) { 404 static gboolean do_login(PurpleConnection *gc) {
405 char *buf, *tmp = NULL; 405 char *buf, *tmp = NULL;
406 char *hostname, *server; 406 char *server;
407 const char *hosttmp;
408 const char *username, *realname; 407 const char *username, *realname;
409 struct irc_conn *irc = gc->proto_data; 408 struct irc_conn *irc = gc->proto_data;
410 const char *pass = purple_connection_get_password(gc); 409 const char *pass = purple_connection_get_password(gc);
411 410
412 if (pass && *pass) { 411 if (pass && *pass) {
430 while ((buf = strchr(tmp, ' ')) != NULL) { 429 while ((buf = strchr(tmp, ' ')) != NULL) {
431 *buf = '_'; 430 *buf = '_';
432 } 431 }
433 } 432 }
434 433
435 hosttmp = purple_get_host_name();
436 if (*hosttmp == ':') {
437 /* This is either an IPv6 address, or something which
438 * doesn't belong here. Either way, we need to escape
439 * it. */
440 hostname = g_strdup_printf("0%s", hosttmp);
441 } else {
442 /* Ugly, I know. */
443 hostname = g_strdup(hosttmp);
444 }
445
446 if (*irc->server == ':') { 434 if (*irc->server == ':') {
447 /* Same as hostname, above. */ 435 /* Same as hostname, above. */
448 server = g_strdup_printf("0%s", irc->server); 436 server = g_strdup_printf("0%s", irc->server);
449 } else { 437 } else {
450 server = g_strdup(irc->server); 438 server = g_strdup(irc->server);
451 } 439 }
452 440
453 buf = irc_format(irc, "vvvv:", "USER", tmp ? tmp : username, hostname, server, 441 buf = irc_format(irc, "vvvv:", "USER", tmp ? tmp : username, "*", server,
454 strlen(realname) ? realname : IRC_DEFAULT_ALIAS); 442 strlen(realname) ? realname : IRC_DEFAULT_ALIAS);
455 g_free(tmp); 443 g_free(tmp);
456 g_free(hostname);
457 g_free(server); 444 g_free(server);
458 if (irc_send(irc, buf) < 0) { 445 if (irc_send(irc, buf) < 0) {
459 g_free(buf); 446 g_free(buf);
460 return FALSE; 447 return FALSE;
461 } 448 }