From 142eebcf9beab9c48eada88d457cbd56ddbbd096 Mon Sep 17 00:00:00 2001
From: psychon <psychon@726aef4b-f618-498e-8847-2d620e286838>
Date: Sat, 8 Jan 2011 18:26:31 +0000
Subject: [PATCH] Protect ZNC against CTCP floods

Ingredients:
- A couple of bots (3 are plenty)
- Boredom
- A target you want to annoy

Recipe:
Connect your bots to the same IRC network that your target is on. Then let each
of your bot flood him with CTCP VERSION request. If the target is gentle enough
to reply to each of those request, he will be disconnected from the network due
to excess flood.

This commit makes ZNC only reply to 5 CTCPs within 5 seconds. If more are sent,
they aren't replied to. This does NOT protect clients that are connected to ZNC.
They will still get the chance to reply to the flood.


git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@2258 726aef4b-f618-498e-8847-2d620e286838
---
 IRCSock.cpp | 18 ++++++++++++++++++
 IRCSock.h   |  4 ++++
 2 files changed, 22 insertions(+)

diff --git a/IRCSock.cpp b/IRCSock.cpp
index 64984250..0f61194c 100644
--- a/IRCSock.cpp
+++ b/IRCSock.cpp
@@ -13,6 +13,10 @@
 #include "User.h"
 #include "znc.h"
 
+// These are used in OnGeneralCTCP()
+const unsigned int CIRCSock::m_uCTCPFloodTime = 5;
+const unsigned int CIRCSock::m_uCTCPFloodCount = 5;
+
 CIRCSock::CIRCSock(CUser* pUser) : CZNCSock() {
 	m_pUser = pUser;
 	m_bISpoofReleased = false;
@@ -25,6 +29,8 @@ CIRCSock::CIRCSock(CUser* pUser) : CZNCSock() {
 
 	m_uMaxNickLen = 9;
 	m_uCapPaused = 0;
+	m_lastCTCP = 0;
+	m_uNumCTCP = 0;
 	m_sPerms = "*!@%+";
 	m_sPermModes = "qaohv";
 	m_mueChanModes['b'] = ListArg;
@@ -839,6 +845,18 @@ bool CIRCSock::OnGeneralCTCP(CNick& Nick, CString& sMessage) {
 	}
 
 	if (!sReply.empty()) {
+		time_t now = time(NULL);
+		// If the last CTCP is older than m_uCTCPFloodTime, reset the counter
+		if (m_lastCTCP + m_uCTCPFloodTime < now)
+			m_uNumCTCP = 0;
+		m_lastCTCP = now;
+		// If we are over the limit, don't reply to this CTCP
+		if (m_uNumCTCP >= m_uCTCPFloodCount) {
+			DEBUG("CTCP flood detected - not replying to query");
+			return false;
+		}
+		m_uNumCTCP++;
+
 		PutIRC("NOTICE " + Nick.GetNick() + " :\001" + sQuery + " " + sReply + "\001");
 		return true;
 	}
diff --git a/IRCSock.h b/IRCSock.h
index 6c5c35cb..4022e64b 100644
--- a/IRCSock.h
+++ b/IRCSock.h
@@ -117,6 +117,10 @@ protected:
 	unsigned int                        m_uCapPaused;
 	SCString                            m_ssAcceptedCaps;
 	SCString                            m_ssPendingCaps;
+	time_t                              m_lastCTCP;
+	unsigned int                        m_uNumCTCP;
+	static const unsigned int           m_uCTCPFloodTime;
+	static const unsigned int           m_uCTCPFloodCount;
 };
 
 #endif // !_IRCSOCK_H