<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<TITLE> [IRCServices] Possible bug</TITLE>
<LINK REL="Index" HREF="index.html" >
<LINK REL="made" HREF="mailto:ircservices%40ircservices.za.net?Subject=%5BIRCServices%5D%20Possible%20bug&In-Reply-To=5.1.0.14.2.20030201013224.00b846c8%40mail.telvia.it">
<META NAME="robots" CONTENT="index,nofollow">
<META http-equiv="Content-Type" content="text/html; charset=us-ascii">
<LINK REL="Previous" HREF="003532.html">
<LINK REL="Next" HREF="003931.html">
<BODY BGCOLOR="#ffffff">
<H1>[IRCServices] Possible bug</H1>
<A HREF="mailto:ircservices%40ircservices.za.net?Subject=%5BIRCServices%5D%20Possible%20bug&In-Reply-To=5.1.0.14.2.20030201013224.00b846c8%40mail.telvia.it" TITLE="[IRCServices] Possible bug">achurch at achurch.org</A>
<I>Sat Feb 1 10:25:38 PST 2003</I>
<LI>Previous message: <A HREF="003532.html">[IRCServices] Possible bug</A>
<LI>Next message: <A HREF="003931.html">[IRCServices] Possible bug</A>
<LI> <B>Messages sorted by:</B>
<a href="date.html#3533">[ date ]</a>
<a href="thread.html#3533">[ thread ]</a>
<a href="subject.html#3533">[ subject ]</a>
<a href="author.html#3533">[ author ]</a>
<PRE> I don't see how this could be "exploited" in the ordinary sense of the
word, but it can lead to desynchs. Thanks for pointing the problem out.
<A HREF="http://www.ircservices.za.net/mailman/listinfo/ircservices">achurch at achurch.org</A>
<A HREF="http://achurch.org/">http://achurch.org/</A>
><i>You may want to take a look at the
</I>><i>split_buf() function in process.c, I believe
</I>><i>that there is a bug in how the argv[]'s are
</I>><i>filled that might be exploited easily on some
</I>><i>Depending on what the isspace() function
</I>><i>considers as space (usually 7-8 characters,
</I>><i>including line feeds, tabs, and the like,
</I>><i>and not just the actual space character),
</I>><i>when you strpbrk() the buffer looking for
</I>><i>an actual space, if the result is composed
</I>><i>only of those other characters considered
</I>><i>spaces by the isspace() function, the whole
</I>><i>string will be skipped, and bad things can
</I>><i>This is easily exploitable with, say, a
</I>><i>//mode #channel +k $chr(9)
</I>><i>I hope I'm wrong about this... :)
</I>><i>Gastaman @ irc.azzurra.org || irc.dal.net
</I>><i>Fan of Adachi - <A HREF="http://www.adachi.it">http://www.adachi.it</A>
</I>><i>Moderator of IAFM - it.arti.fumetti.manga
</I>><i>------------------------------------------------------------------
</I>><i>To unsubscribe or change your subscription options, visit:
</I>><i><A HREF="http://www.ircservices.za.net/mailman/listinfo/ircservices">http://www.ircservices.za.net/mailman/listinfo/ircservices</A>
</I></PRE>
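Added example, not part of either message and not IRCServices source: a minimal C splitter written from the wording of the quoted report (a token ends at a literal space found with strpbrk(), the gap after it is skipped with isspace()), next to one that uses the space character for both steps. The function names, MAX_ARGS and the sample line are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#define MAX_ARGS 8

/* Hypothetical splitter: tokens end at ' ' but gaps are skipped with isspace(). */
static int split_mismatched(char *buf, char **argv)
{
    int argc = 0;
    while (*buf && argc < MAX_ARGS) {
        char *s = strpbrk(buf, " ");
        argv[argc++] = buf;
        if (!s)
            break;                              /* last token on the line */
        *s++ = '\0';
        while (isspace((unsigned char)*s)) s++; /* \t \n \v \f \r match too */
        buf = s;
    }
    return argc;
}

/* Consistent splitter: ' ' alone both ends a token and is skipped. */
static int split_consistent(char *buf, char **argv)
{
    int argc = 0;
    while (*buf && argc < MAX_ARGS) {
        argv[argc++] = buf;
        buf += strcspn(buf, " ");
        if (*buf) *buf++ = '\0';
        while (*buf == ' ') buf++;
    }
    return argc;
}

static int count_args(int (*split)(char *, char **), const char *line)
{
    char copy[128], *argv[MAX_ARGS];
    snprintf(copy, sizeof copy, "%s", line);    /* split a private copy */
    return split(copy, argv);
}

int main(void)
{
    const char *line = "MODE #channel +k \t";   /* constructed sample line */
    printf("mismatched=%d consistent=%d\n",
           count_args(split_mismatched, line), count_args(split_consistent, line));
    return 0;
}
```

On the constructed line the first splitter returns three arguments and the second four: the tab-only argument disappears.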