From 4e2bf8bf612f4837319b9a20d7e5d10a910779d9 Mon Sep 17 00:00:00 2001
From: Garry Zacheiss <zacheiss@mit.edu>
Date: Mon, 2 Jul 2001 23:28:31 +0000
Subject: Don't accept subscriptions from foreign realms for acl'ed classes.

---
 server/subscr.c | 24 ++++++++++++++++--------
 1 file changed, 16 insertions(+), 8 deletions(-)

(limited to 'server/subscr.c')

diff --git a/server/subscr.c b/server/subscr.c
index eb3ba27..30b6d64 100644
--- a/server/subscr.c
+++ b/server/subscr.c
@@ -186,14 +186,19 @@ add_subscriptions(who, subs, notice, server)
 		}
 	    }
 	}
-	if (realm && !bdumping && server && server == me_server) {
-	    retval = subscr_realm_sendit(who, subs, notice, realm);
-	    if (retval != ZERR_NONE) {
-		free_subscriptions(subs);
-		free_string(sender);
-		return(retval);
+	if (realm && !bdumping) {
+	    if (server && server == me_server) {
+	        retval = subscr_realm_sendit(who, subs, notice, realm);
+	        if (retval != ZERR_NONE) {
+		    free_subscriptions(subs);
+		    free_string(sender);
+		    return(retval);
+		} else {
+		    /* free this one, will get from ADD */
+		    free_subscription(subs);
+		}
 	    } else {
-	      free_subscription(subs); /* free this one, will get from ADD */
+	            /* Indicates we leaked traffic back to our realm */
 	    }
 	} else {
 	  retval = triplet_register(who, &subs->dest, NULL);
@@ -1475,7 +1480,10 @@ subscr_check_foreign_subs(notice, who, server, realm, newsubs)
 		    syslog(LOG_WARNING, "subscr auth not verifiable %s (%s) class %s",
 			   sender->string, rlm->name, 
 			   subs->dest.classname->string);
-		    continue; 
+		    free_subscriptions(newsubs);
+		    free_string(sender);
+		    free(text);
+		    return ZSRV_CLASSRESTRICTED;
 		} 
 	    } 
 	    if (!access_check(sender->string, acl, SUBSCRIBE)) {
-- 
cgit v1.2.3