Reject clients that attempt to login before the core is configured

Properly-implemented clients should never try to do this, but if it is done, this patch prevents it from crashing the core. Thanks to @chaign_c (https://twitter.com/chaign_c/) for finding this issue. (cherry picked from commit e17fca7)
quassel · Apr 23, 2018 · 08bace4 · 08bace4
1 parent 18389a7
commit 08bace4
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/src/core/coreauthhandler.cpp b/src/core/coreauthhandler.cpp
@@ -204,6 +204,12 @@ void CoreAuthHandler::handle(const Login &msg)
     if (!checkClientRegistered())
         return;
 
+    if (!Core::isConfigured()) {
+        qWarning() << qPrintable(tr("Client")) << qPrintable(socket()->peerAddress().toString()) << qPrintable(tr("attempted to login before the core was configured, rejecting."));
+        _peer->dispatch(ClientDenied(tr("<b>Attempted to login before core was configured!</b><br>The core must be configured before attempting to login.")));
+        return;
+    }
+
     UserId uid = Core::validateUser(msg.user, msg.password);
     if (uid == 0) {
         quInfo() << qPrintable(tr("Invalid login attempt from %1 as \"%2\"").arg(socket()->peerAddress().toString(), msg.user));