From af5de020a96277b9869e89cd52916c66c76effb4 Mon Sep 17 00:00:00 2001 From: Art Cancro Date: Fri, 1 Jan 1999 06:02:21 +0000 Subject: [PATCH] Fixed security problem relating to private rooms --- citadel/ChangeLog | 3 +++ citadel/room_ops.c | 8 +++++++- citadel/user_ops.c | 1 + 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/citadel/ChangeLog b/citadel/ChangeLog index 564e01f58..5485c0940 100644 --- a/citadel/ChangeLog +++ b/citadel/ChangeLog @@ -1,3 +1,6 @@ +Fri Jan 1 01:01:45 EST 1999 Art Cancro + * Fixed security problem relating to private rooms + Wed Dec 30 20:10:52 EST 1998 Art Cancro * sysdep.c: put a bigger string buffer into lprintf() to avoid overruns diff --git a/citadel/room_ops.c b/citadel/room_ops.c index f1bf82cb8..2bdd6ed30 100644 --- a/citadel/room_ops.c +++ b/citadel/room_ops.c @@ -794,6 +794,12 @@ void cmd_goto(char *gargs) ERROR+PASSWORD_REQUIRED); return; } + else if ( (QRscratch.QRflags&QR_PRIVATE) && + ((QRscratch.QRflags&QR_PASSWORDED)==0) && + ((QRscratch.QRflags&QR_GUESSNAME)==0) && + ((ra & UA_KNOWN) == 0) ) { + goto NOPE; + } else { usergoto(towhere, 1); return; @@ -801,7 +807,7 @@ void cmd_goto(char *gargs) } } - cprintf("%d room '%s' not found\n",ERROR+ROOM_NOT_FOUND,towhere); +NOPE: cprintf("%d room '%s' not found\n",ERROR+ROOM_NOT_FOUND,towhere); } diff --git a/citadel/user_ops.c b/citadel/user_ops.c index fb3913dce..c5cc377e2 100644 --- a/citadel/user_ops.c +++ b/citadel/user_ops.c @@ -776,6 +776,7 @@ void cmd_forg(void) { CtdlGetRelationship(&vbuf, &CC->usersupp, &CC->quickroom); vbuf.v_flags = vbuf.v_flags | V_FORGET; + vbuf.v_flags = vbuf.v_flags & ~V_ACCESS; CtdlSetRelationship(&vbuf, &CC->usersupp, &CC->quickroom); lputuser(&CC->usersupp,CC->curr_user); -- 2.39.2