software/!RELEASES/ircservices/achurch.org/services/lists/ircservices/2002/003422.html

   1 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
   2 <HTML>
   3  <HEAD>
   4    <TITLE> [IRCServices] Bug in mode locked keys in 5.0.6
   5    </TITLE>
   6    <LINK REL="Index" HREF="index.html" >
   7    <LINK REL="made" HREF="mailto:ircservices%40ircservices.za.net?Subject=%5BIRCServices%5D%20Bug%20in%20mode%20locked%20keys%20in%205.0.6&In-Reply-To=">
   8    <META NAME="robots" CONTENT="index,nofollow">
   9    <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
  10    <LINK REL="Previous"  HREF="003421.html">
  11    <LINK REL="Next"  HREF="003431.html">
  12  </HEAD>
  13  <BODY BGCOLOR="#ffffff">
  14    <H1>[IRCServices] Bug in mode locked keys in 5.0.6</H1>
  15     <B>Craig Edwards</B>
  16     <A HREF="mailto:ircservices%40ircservices.za.net?Subject=%5BIRCServices%5D%20Bug%20in%20mode%20locked%20keys%20in%205.0.6&In-Reply-To="
  17        TITLE="[IRCServices] Bug in mode locked keys in 5.0.6">brain at brainbox.winbot.co.uk
  18        </A><BR>
  19     <I>Tue Dec 31 10:15:06 PST 2002</I>
  20     <P><UL>
  21         <LI>Previous message: <A HREF="003421.html">[IRCServices] Services Bug
  22 </A></li>
  23         <LI>Next message: <A HREF="003431.html">[IRCServices] Bug in mode locked keys in 5.0.6
  24 </A></li>
  25          <LI> <B>Messages sorted by:</B>
  26               <a href="date.html#3422">[ date ]</a>
  27               <a href="thread.html#3422">[ thread ]</a>
  28               <a href="subject.html#3422">[ subject ]</a>
  29               <a href="author.html#3422">[ author ]</a>
  30          </LI>
  31        </UL>
  32     <HR>
  33 <!--beginarticle-->
  34 <PRE>We've just discovered a bug in ircservices 5.0.6 where a channel can be joined which has a key modelocked, and not only does it allow the client to enter, it also shows them the key, if the room is empty. In the following test, the channel is registered with the mode lock &quot;+ntk mykey&quot;, and is empty.
  35 Guest2088478498 is not on any access lists for the channel.
  36
  37 *** services.chatspike.net changes topic to '(ChanServ)'
  38 *** ChanServ sets mode: +ntrk-o mykey Guest2088478498
  39
  40 As you can see, the guest user now has the key for the channel, and could part, to come back when users are around and abuse it later.
  41
  42 A little discussion led us to think that a good fix for this would be to treat keyed channels in the same way as +O channels, unless the correct key is supplied in the JOIN raw, if +k is mode locked, kick out the user before the locked modes and topic are set by chanserv/services.*
  43
  44 Thanks for your time,
  45 Craig Edwards
  46 ChatSpike admin
  47
  48
  49
  50 </PRE>
  51
  52 <!--endarticle-->
  53     <HR>
  54     <P><UL>
  55         <!--threads-->
  56         <LI>Previous message: <A HREF="003421.html">[IRCServices] Services Bug
  57 </A></li>
  58         <LI>Next message: <A HREF="003431.html">[IRCServices] Bug in mode locked keys in 5.0.6
  59 </A></li>
  60          <LI> <B>Messages sorted by:</B>
  61               <a href="date.html#3422">[ date ]</a>
  62               <a href="thread.html#3422">[ thread ]</a>
  63               <a href="subject.html#3422">[ subject ]</a>
  64               <a href="author.html#3422">[ author ]</a>
  65          </LI>
  66        </UL>
  67
  68 </body></html>