rename -> *.git

[irc.git] / software / RELEASES / ircservices / achurch.org / services / lists / ircservices / 2003 / 003533.html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
 <HEAD>
   <TITLE> [IRCServices] Possible bug
   </TITLE>
   <LINK REL="Index" HREF="index.html" >
   <LINK REL="made" HREF="mailto:ircservices%40ircservices.za.net?Subject=%5BIRCServices%5D%20Possible%20bug&In-Reply-To=5.1.0.14.2.20030201013224.00b846c8%40mail.telvia.it">
   <META NAME="robots" CONTENT="index,nofollow">
   <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
   <LINK REL="Previous"  HREF="003532.html">
   <LINK REL="Next"  HREF="003931.html">
 </HEAD>
 <BODY BGCOLOR="#ffffff">
   <H1>[IRCServices] Possible bug</H1>
    <B>Andrew Church</B> 
    <A HREF="mailto:ircservices%40ircservices.za.net?Subject=%5BIRCServices%5D%20Possible%20bug&In-Reply-To=5.1.0.14.2.20030201013224.00b846c8%40mail.telvia.it"
       TITLE="[IRCServices] Possible bug">achurch at achurch.org
       </A><BR>
    <I>Sat Feb  1 10:25:38 PST 2003</I>
    <P><UL>
        <LI>Previous message: <A HREF="003532.html">[IRCServices] Possible bug
</A></li>
        <LI>Next message: <A HREF="003931.html">[IRCServices] Possible bug
</A></li>
         <LI> <B>Messages sorted by:</B> 
              <a href="date.html#3533">[ date ]</a>
              <a href="thread.html#3533">[ thread ]</a>
              <a href="subject.html#3533">[ subject ]</a>
              <a href="author.html#3533">[ author ]</a>
         </LI>
       </UL>
    <HR>  
<!--beginarticle-->
<PRE>     I don't see how this could be &quot;exploited&quot; in the ordinary sense of the
word, but it can lead to desynchs.  Thanks for pointing the problem out.

  --Andrew Church
    <A HREF="http://www.ircservices.za.net/mailman/listinfo/ircservices">achurch at achurch.org</A>
    <A HREF="http://achurch.org/">http://achurch.org/</A>

&gt;<i>You may want to take a look at the
</I>&gt;<i>split_buf() function in process.c, I believe
</I>&gt;<i>that there is a bug in how the argv[]'s are
</I>&gt;<i>filled that might be exploited easily on some
</I>&gt;<i>boxes.
</I>&gt;<i>
</I>&gt;<i>Depending on what the isspace() function
</I>&gt;<i>considers as space (usually 7-8 characters,
</I>&gt;<i>including line feeds, tabs, and the like,
</I>&gt;<i>and not just the actual space character),
</I>&gt;<i>when you strpbrk() the buffer looking for
</I>&gt;<i>an actual space, if the result is composed
</I>&gt;<i>only of those other characters considered
</I>&gt;<i>spaces by the isspace() function, the whole
</I>&gt;<i>string will be skipped, and bad things can
</I>&gt;<i>happen.
</I>&gt;<i>
</I>&gt;<i>This is easily exploitable with, say, a
</I>&gt;<i>//mode #channel +k $chr(9)
</I>&gt;<i>in mIRC.
</I>&gt;<i>
</I>&gt;<i>I hope I'm wrong about this... :)
</I>&gt;<i>
</I>&gt;<i>-- 
</I>&gt;<i>Gastaman @ irc.azzurra.org || irc.dal.net
</I>&gt;<i>
</I>&gt;<i>Fan di Adachi - <A HREF="http://www.adachi.it">http://www.adachi.it</A>
</I>&gt;<i>Moderatore di IAFM - it.arti.fumetti.manga
</I>&gt;<i>
</I>&gt;<i>
</I>&gt;<i>------------------------------------------------------------------
</I>&gt;<i>To unsubscribe or change your subscription options, visit:
</I>&gt;<i><A HREF="http://www.ircservices.za.net/mailman/listinfo/ircservices">http://www.ircservices.za.net/mailman/listinfo/ircservices</A>
</I></PRE>

<!--endarticle-->
    <HR>
    <P><UL>
        <!--threads-->
        <LI>Previous message: <A HREF="003532.html">[IRCServices] Possible bug
</A></li>
        <LI>Next message: <A HREF="003931.html">[IRCServices] Possible bug
</A></li>
         <LI> <B>Messages sorted by:</B> 
              <a href="date.html#3533">[ date ]</a>
              <a href="thread.html#3533">[ thread ]</a>
              <a href="subject.html#3533">[ subject ]</a>
              <a href="author.html#3533">[ author ]</a>
         </LI>
       </UL>

</body></html>