On 02.01.2012 at 23:31, Alexander Barton wrote:
On 02.01.2012 at 23:03, Christoph Biedl wrote:
Cahata wrote...
"MODE #CHANNEL +b !" can crash the ircd
...
Besides the fact I could not reproduce this on several ngircd
installations - I'm not very happy to see something that could be some
kind of exploit code published without a prior warning. This is not
responsible disclosure. If it worked, it would allow evildoers to
shut down any publicly accessible ngircd running.
Christoph
I can reproduce it, but only with current GIT master branch. Most probably the affected
code has been committed after ngIRCd release 18, so it is code that has never been
released.
I’ll investigate further and keep you informed.
Commit ID 15fec92 introduced the bug (2011-12-25 „Update list item, if it already
exists“),
commit ID abfc5c6 fixes it (2012-01-02 „lists: don't crash if reason ptr is NULL“).
Thanks to me for creating the bug, Cahata for reporting and Florian for fixing :-)
And to make it really clear:
The buggy code has never been released, so no „official“ ngIRCd release is affected.
Regards
Alex