From caef3ed3a1337b5d966fa76262423376ce955304 Mon Sep 17 00:00:00 2001
From: Shivaram Lingamneni <slingamn@cs.stanford.edu>
Date: Sun, 15 Jun 2025 18:29:30 -0400
Subject: [PATCH] validate key names for sub

---
 irc/handlers.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/irc/handlers.go b/irc/handlers.go
index 8eee917f..38422f6d 100644
--- a/irc/handlers.go
+++ b/irc/handlers.go
@@ -3246,7 +3246,12 @@ func metadataHandler(server *Server, client *Client, msg ircmsg.Message, rb *Res
 
 	case "sub":
 		keys := msg.Params[2:]
-		// TODO validate key names here
+		for _, key := range keys {
+			if metadataKeyIsEvil(key) {
+				rb.Add(nil, server.name, "FAIL", "METADATA", "KEY_INVALID", utils.SafeErrorParam(key), client.t("Invalid key name"))
+				return
+			}
+		}
 		added, err := rb.session.SubscribeTo(keys...)
 		if err == errMetadataTooManySubs {
 			bad := keys[len(added)] // get the key that broke the camel's back