From 88a2a1484b03112d943ec0645f3599a8bf3525a3 Mon Sep 17 00:00:00 2001
From: jilles <devnull@localhost>
Date: Sat, 19 May 2007 16:36:51 -0700
Subject: [PATCH] [svn] Prevent too wide klines with CIDR masks.

---
 ChangeLog         |  9 +++++++++
 include/serno.h   |  2 +-
 modules/m_kline.c | 26 +++++++++++++++++++-------
 3 files changed, 29 insertions(+), 8 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 8762ad2..350c217 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+jilles      2007/05/19 22:21:10 UTC	(20070519-3464)
+  Log:
+  Exempt klines with a fixed user@ (no */?) from min_nonwildcard checks.
+  
+
+  Changes:	Modified:
+  +4 -0		trunk/modules/m_kline.c (File Modified) 
+
+
 jilles      2007/05/18 20:31:33 UTC	(20070518-3460)
   Log:
   - fold conf_connect_allowed() into accept_connection()
diff --git a/include/serno.h b/include/serno.h
index 1418768..5da9cf5 100644
--- a/include/serno.h
+++ b/include/serno.h
@@ -1 +1 @@
-#define SERNO "20070518-3460"
+#define SERNO "20070519-3464"
diff --git a/modules/m_kline.c b/modules/m_kline.c
index 0db2683..0b31f40 100644
--- a/modules/m_kline.c
+++ b/modules/m_kline.c
@@ -21,7 +21,7 @@
  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307
  *  USA
  *
- *  $Id: m_kline.c 3464 2007-05-19 22:21:10Z jilles $
+ *  $Id: m_kline.c 3466 2007-05-19 23:36:51Z jilles $
  */
 
 #include "stdinc.h"
@@ -65,7 +65,7 @@ struct Message unkline_msgtab = {
 };
 
 mapi_clist_av1 kline_clist[] = { &kline_msgtab, &unkline_msgtab, NULL };
-DECLARE_MODULE_AV1(kline, NULL, NULL, kline_clist, NULL, NULL, "$Revision: 3464 $");
+DECLARE_MODULE_AV1(kline, NULL, NULL, kline_clist, NULL, NULL, "$Revision: 3466 $");
 
 /* Local function prototypes */
 static int find_user_host(struct Client *source_p, const char *userhost, char *user, char *host);
@@ -614,6 +614,7 @@ valid_wild_card(struct Client *source_p, const char *luser, const char *lhost)
 	const char *p;
 	char tmpch;
 	int nonwild = 0;
+	int bitlen;
 
 	/* user has no wildcards, always accept -- jilles */
 	if (!strchr(luser, '?') && !strchr(luser, '*'))
@@ -632,12 +633,23 @@ valid_wild_card(struct Client *source_p, const char *luser, const char *lhost)
 	}
 
 	/* try host, as user didnt contain enough */
-	p = lhost;
-	while ((tmpch = *p++))
+	/* special case for cidr masks -- jilles */
+	if ((p = strrchr(lhost, '/')) != NULL && IsDigit(p[1]))
 	{
-		if(!IsKWildChar(tmpch))
-			if(++nonwild >= ConfigFileEntry.min_nonwildcard)
-				return 1;
+		bitlen = atoi(p + 1);
+		/* much like non-cidr for ipv6, rather arbitrary for ipv4 */
+		if (bitlen > 0 && bitlen >= (strchr(lhost, ':') ? 4 * (ConfigFileEntry.min_nonwildcard - nonwild) : 6 - 2 * nonwild))
+			return 1;
+	}
+	else
+	{
+		p = lhost;
+		while ((tmpch = *p++))
+		{
+			if(!IsKWildChar(tmpch))
+				if(++nonwild >= ConfigFileEntry.min_nonwildcard)
+					return 1;
+		}
 	}
 
 	sendto_one_notice(source_p,