<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<TITLE> [IRCServices] Possible bug
</TITLE>
<LINK REL="Index" HREF="index.html" >
<LINK REL="made" HREF="mailto:ircservices%40ircservices.za.net?Subject=%5BIRCServices%5D%20Possible%20bug&In-Reply-To=">
<META NAME="robots" CONTENT="index,nofollow">
<META http-equiv="Content-Type" content="text/html; charset=us-ascii">
<LINK REL="Previous" HREF="003925.html">
<LINK REL="Next" HREF="003533.html">
</HEAD>
<BODY BGCOLOR="#ffffff">
<H1>[IRCServices] Possible bug</H1>
<B>Gastaman</B>
<A HREF="mailto:ircservices%40ircservices.za.net?Subject=%5BIRCServices%5D%20Possible%20bug&In-Reply-To="
TITLE="[IRCServices] Possible bug">gastaman at azzurra.org
</A><BR>
<I>Fri Jan 31 16:52:06 PST 2003</I>
<P><UL>
<LI>Previous message: <A HREF="003925.html">[IRCServices] Services 5.0.7 released
</A></li>
<LI>Next message: <A HREF="003533.html">[IRCServices] Possible bug
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#3532">[ date ]</a>
<a href="thread.html#3532">[ thread ]</a>
<a href="subject.html#3532">[ subject ]</a>
<a href="author.html#3532">[ author ]</a>
</LI>
</UL>
<HR>
<!--beginarticle-->
<PRE>You may want to take a look at the
split_buf() function in process.c, I believe
that there is a bug in how the argv[]'s are
filled that might be exploited easily on some
boxes.

Depending on what the isspace() function
considers as space (usually 7-8 characters,
including line feeds, tabs, and the like,
and not just the actual space character),
when you strpbrk() the buffer looking for
an actual space, if the result is composed
only of those other characters considered
spaces by the isspace() function, the whole
string will be skipped, and bad things can
happen.

This is easily exploitable with, say, a
//mode #channel +k $chr(9)
in mIRC.

I hope I'm wrong about this... :)

--
Gastaman @ irc.azzurra.org || irc.dal.net

Fan of Adachi - <A HREF="http://www.adachi.it">http://www.adachi.it</A>
Moderator of IAFM - it.arti.fumetti.manga


</PRE>

<!--endarticle-->
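<P>The parsing mismatch the post describes, as an added C example that is not part of the original message and is not the IRC Services source. <CODE>split_args()</CODE>, <CODE>mode_param()</CODE> and the sample line are hypothetical, constructed to show a field split on a literal space while the following run is skipped with isspace(), next to a variant that uses one delimiter for both and a caller that checks the argument count before reading a parameter.</P>

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_ARGS 8

/* Hypothetical tokenizer (not the project's split_buf()). Fields end at a
 * literal ' '. With skip_isspace set, the run after the delimiter is skipped
 * with isspace(), which also matches \t \n \v \f \r: the mismatch. */
int split_args(char *buf, char *argv[MAX_ARGS], int skip_isspace)
{
    int argc = 0;
    while (*buf && argc < MAX_ARGS) {
        char *s = strpbrk(buf, " ");
        if (s) {
            *s++ = '\0';
            if (skip_isspace)
                while (isspace((unsigned char)*s))
                    s++;             /* swallows a tab-only parameter */
            else
                s += strspn(s, " "); /* same delimiter for split and skip */
        } else {
            s = buf + strlen(buf);
        }
        argv[argc++] = buf;
        buf = s;
    }
    return argc;
}

/* Caller-side guard: read a parameter only if the tokenizer produced it. */
const char *mode_param(char *argv[], int argc, int idx)
{
    return idx < argc ? argv[idx] : NULL;
}

int main(void)
{
    /* Constructed input: the +k parameter is a single tab character. */
    char weak[] = "MODE #channel +k \t", fixed[] = "MODE #channel +k \t";
    char *wv[MAX_ARGS], *fv[MAX_ARGS];
    int wc = split_args(weak, wv, 1), fc = split_args(fixed, fv, 0);

    printf("isspace() skip: argc=%d param=%s\n", wc,
           mode_param(wv, wc, 3) ? "present" : "missing");
    printf("' ' only skip:  argc=%d param=%s\n", fc,
           mode_param(fv, fc, 3) ? "present" : "missing");
    return 0;
}
```

<P>A handler that indexes the argument array without a check like <CODE>mode_param()</CODE> reads past the last filled slot when the tokenizer drops the parameter.</P>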
<HR>
</body></html>