Cahata wrote...
> "MODE #CHANNEL +b !" can crash the ircd ...
Besides the fact that I could not reproduce this on several ngircd installations - I'm not very happy to see something that could be some kind of exploit code published without a prior warning. This is not responsible disclosure. If it worked, it would allow evildoers to shut down any publicly accessible ngircd running.
Christoph
On 02.01.2012 at 23:03, Christoph Biedl wrote:
> Cahata wrote...
>> "MODE #CHANNEL +b !" can crash the ircd ...
> Besides the fact that I could not reproduce this on several ngircd installations - I'm not very happy to see something that could be some kind of exploit code published without a prior warning. This is not responsible disclosure. If it worked, it would allow evildoers to shut down any publicly accessible ngircd running.
> Christoph
I can reproduce it, but only with current GIT master branch. Most probably the affected code has been committed after ngIRCd release 18, so it is code that has never been released.
I’ll investigate further and keep you informed.
Regards Alex
On 02.01.2012 at 23:31, Alexander Barton wrote:
> On 02.01.2012 at 23:03, Christoph Biedl wrote:
>> Cahata wrote...
>>> "MODE #CHANNEL +b !" can crash the ircd ...
>> Besides the fact that I could not reproduce this on several ngircd installations - I'm not very happy to see something that could be some kind of exploit code published without a prior warning. This is not responsible disclosure. If it worked, it would allow evildoers to shut down any publicly accessible ngircd running.
>> Christoph
> I can reproduce it, but only with current GIT master branch. Most probably the affected code has been committed after ngIRCd release 18, so it is code that has never been released.
> I’ll investigate further and keep you informed.
Commit ID 15fec92 introduced the bug (2011-12-25 „Update list item, if it already exists“), commit ID abfc5c6 fixes it (2012-01-02 „lists: don't crash if reason ptr is NULL“).
Thanks to me for creating the bug, Cahata for reporting and Florian for fixing :-)
And to make it really clear: the buggy code has never been released, so no „official“ ngIRCd release is affected.
Regards Alex
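The two commit messages named in the reply above describe the shape of the bug: an existing list item is updated in place, and that update path copies the ban reason without checking the pointer. The following C program is an added illustration written for this page; it is not ngIRCd's own list code, and the struct layout, buffer sizes and function names (list_add_buggy, list_add_fixed, list_reason, replay_report) are assumptions. It keeps the pre-existing insert path NULL-safe and puts the unchecked copy only on the update path, matching the note that the bug arrived with the "update if it already exists" change and was fixed by a NULL check on the reason pointer.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Hypothetical model of a channel ban list, written for this thread as an
 * illustration. NOT ngIRCd's own code: structs, names and buffer sizes are
 * assumptions chosen only to show the bug shape the commit messages describe.
 */
#define MASK_LEN   64
#define REASON_LEN 64

struct list_elem {
    struct list_elem *next;
    char mask[MASK_LEN];
    char reason[REASON_LEN];
};

struct list_head { struct list_elem *first; };

/* Look up an entry by exact mask; NULL if not present. */
static struct list_elem *list_find(struct list_head *h, const char *mask)
{
    struct list_elem *e;
    for (e = h->first; e != NULL; e = e->next)
        if (strcmp(e->mask, mask) == 0)
            return e;
    return NULL;
}

/* Pre-existing insert path: already tolerates reason == NULL. */
static struct list_elem *list_insert(struct list_head *h, const char *mask,
                                     const char *reason)
{
    struct list_elem *e = calloc(1, sizeof(*e));   /* zeroed: reason == "" */
    if (e == NULL)
        return NULL;
    strncpy(e->mask, mask, MASK_LEN - 1);
    if (reason != NULL)
        strncpy(e->reason, reason, REASON_LEN - 1);
    e->next = h->first;
    h->first = e;
    return e;
}

/*
 * Buggy shape: the "update if it already exists" branch copies the reason
 * unconditionally. A MODE +b with no reason passes NULL here, so re-adding a
 * mask that is already listed dereferences NULL. Returns 1 on success.
 */
int list_add_buggy(struct list_head *h, const char *mask, const char *reason)
{
    struct list_elem *e = list_find(h, mask);
    if (e != NULL) {
        strncpy(e->reason, reason, REASON_LEN - 1);   /* NULL deref */
        return 1;
    }
    return list_insert(h, mask, reason) != NULL;
}

/* Fixed shape: a NULL reason on update clears the stored reason instead. */
int list_add_fixed(struct list_head *h, const char *mask, const char *reason)
{
    struct list_elem *e = list_find(h, mask);
    if (e != NULL) {
        if (reason != NULL)
            strncpy(e->reason, reason, REASON_LEN - 1);
        else
            e->reason[0] = '\0';
        return 1;
    }
    return list_insert(h, mask, reason) != NULL;
}

/* Stored reason for a mask ("" if none), or NULL if the mask is not listed. */
const char *list_reason(struct list_head *h, const char *mask)
{
    struct list_elem *e = list_find(h, mask);
    return e != NULL ? e->reason : NULL;
}

void list_free(struct list_head *h)
{
    struct list_elem *e = h->first, *next;
    while (e != NULL) {
        next = e->next;
        free(e);
        e = next;
    }
    h->first = NULL;
}

/*
 * Replays the reported input shape against the fixed code: the same mask
 * added twice, the second time with no reason, plus a fresh mask with no
 * reason. Returns 1 if the list survives with the expected reasons, else 0.
 */
int replay_report(void)
{
    struct list_head h = { NULL };
    int ok = list_add_fixed(&h, "!", "first ban") == 1 &&
             list_add_fixed(&h, "!", NULL) == 1 &&
             list_reason(&h, "!") != NULL &&
             strcmp(list_reason(&h, "!"), "") == 0 &&
             list_add_fixed(&h, "*!*@example.invalid", NULL) == 1 &&
             strcmp(list_reason(&h, "*!*@example.invalid"), "") == 0 &&
             list_reason(&h, "nobody!*@*") == NULL;
    list_free(&h);
    return ok;
}

int main(void)
{
    printf("fixed list survives NULL reason on update: %s\n",
           replay_report() ? "yes" : "no");
    return 0;
}
```

Calling list_add_buggy twice with the same mask and a NULL reason reproduces the fault (build with -fsanitize=address to get a clean report); list_add_fixed stores an empty reason instead. The point of the check living in the list code rather than the MODE parser is that a mask with no reason is ordinary client input, so every caller that can reach the update branch has to be safe, not just the one that was tested.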
Cahata <cahata@gmail.com> wrote:
> "MODE #CHANNEL +b !" can crash the ircd ...
Indeed, thanks for reporting this. It's fixed now.
This bug was introduced a couple of days ago; released ngircd versions are not affected.