View Issue Details

ID: 0004132
Project: unrealircd
Category:
View Status: public
Last Update: 2015-07-12 17:23
Reporter: replicator
Assigned To: syzop
Priority: normal
Severity: crash
Reproducibility: always
Status: resolved
Resolution: fixed
Platform: Linux
OS: Debian
OS Version:
Product Version: 3.2.9
Target Version:
Fixed in Version: 3.4-beta1
Summary: 0004132: Crash on WHO with an IRC Service.
Description

I'm developing an IRC service, and when I use the command "WHO" in the IRC service, UnrealIRCd crashes automatically.

Then I tried to reproduce this command via OperServ, same problem.
Steps To Reproduce
Only use the command WHO with OperServ raw, or develop an IRC Service.

Activities

syzop

2012-10-17 12:46

administrator   ~0017182

Last edited: 2012-10-17 12:47


There are a number of commands that will not work well if you request them from a server instead of a user.
Some of these commands cause a crash of the IRCd. While this is not good, in the past we chose to leave out various checks because 'servers are trusted'. Nowadays, I don't mind fixing them if a patch is provided (otherwise it isn't really high on my priority list).
For the same reason (or at least one of the reasons) services like anope disable RAW support: because it's so dangerous.

If you want to be on the safe side, then limit your requests to the commands listed in serverprotocol.html, and /helpop ?svscmds.
Also, whenever playing with raw server commands, do so on an isolated (test) network, and not on a live network.

As for WHO:
Services should maintain 'state', meaning they should track which users are online (connect/disconnect) and the state of channels (join/part/kick/mode/etc). Therefore, services should never do a WHO request.

Hope this clears things up :)

replicator

2012-10-17 13:58

reporter   ~0017183

Your reasoning is totally understandable and I completely agree with it.

But I preferred to report it, as it was still a total crash and I did not know that you were aware of this problem.

Thank you :)

syzop

2015-07-12 17:22

administrator   ~0018476

Fixed today. Added a bunch of CommandAdd() checks in 50+ functions (note that most of these already had checks in the actual function).
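
The kind of registration-time source check described in the note above, as an added C sketch that is not UnrealIRCd code and not part of the original thread: each command is registered with the sender classes it accepts, and the dispatcher rejects a mismatch before the handler runs. All names here (SRC_USER, SRC_SERVER, dispatch, cmd_who, the structs) are hypothetical, and the sketch assumes the crash pattern is a user-only handler reading per-user data that a server sender does not have.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical source classes and error codes (names are assumptions). */
enum { SRC_USER = 1, SRC_SERVER = 2 };
enum { ERR_UNKNOWN = -1, ERR_BADSRC = -2 };

struct user_info { const char *nick; };
struct client {
    int kind;                /* SRC_USER or SRC_SERVER */
    struct user_info *user;  /* NULL when the sender is a server */
};
struct command {
    const char *name;
    int allowed;             /* mask of source classes accepted */
    int (*fn)(struct client *src);
};

/* User-only handler: reads src->user with no NULL check, which is safe
 * only because dispatch() never hands it a server. */
static int cmd_who(struct client *src)
{
    return (int)strlen(src->user->nick);
}

/* Handler valid for both classes; never touches src->user. */
static int cmd_ping(struct client *src) { (void)src; return 0; }

static const struct command table[] = {
    { "WHO",  SRC_USER,              cmd_who  },
    { "PING", SRC_USER | SRC_SERVER, cmd_ping },
};

/* Constructed sample senders. */
static struct user_info alice = { "alice" };
static struct client sample_user   = { SRC_USER,   &alice };
static struct client sample_server = { SRC_SERVER, NULL };

/* Find the command, then refuse it if the sender's class is not in the
 * registration mask, so the handler is never entered with a server. */
int dispatch(struct client *src, const char *name)
{
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++) {
        if (strcmp(table[i].name, name) != 0)
            continue;
        if (!(table[i].allowed & src->kind))
            return ERR_BADSRC;
        return table[i].fn(src);
    }
    return ERR_UNKNOWN;
}
```

Keeping the mask in the command table means the check cannot be forgotten in an individual handler; a per-handler check can still remain as a second layer.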

Issue History

Date Modified Username Field Change
2012-10-17 12:19 replicator New Issue
2012-10-17 12:46 syzop Note Added: 0017182
2012-10-17 12:47 syzop Note Edited: 0017182
2012-10-17 13:58 replicator Note Added: 0017183
2015-07-12 17:23 syzop Note Added: 0018476
2015-07-12 17:23 syzop Status new => resolved
2015-07-12 17:23 syzop Fixed in Version => 3.4-beta1
2015-07-12 17:23 syzop Resolution open => fixed
2015-07-12 17:23 syzop Assigned To => syzop