View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0004132 | unreal | ircd | public | 2012-10-17 12:19 | 2015-07-12 17:23 |
| Reporter | replicator | Assigned To | syzop | ||
| Priority | normal | Severity | crash | Reproducibility | always |
| Status | resolved | Resolution | fixed | ||
| Platform | Linux | OS | Debian | ||
| Product Version | 3.2.9 | ||||
| Fixed in Version | 3.4-beta1 | ||||
| Summary | 0004132: Crach on WHO with a IRC Service. | ||||
| Description | I'm developing a service IRC and when I use the command "WHO" in the IRC service, UnrealIRCd crash automatically. Then I tried to reproduce this command via OperServ, same problem. | ||||
| Steps To Reproduce | Only use command WHO with Operserv raw or to develop a IRC Service. | ||||
| Tags | No tags attached. | ||||
| 3rd party modules | |||||
|
|
There are a number of commands that will not work well if you request them from a server instead of a user. Some of these commands cause a crash of the IRCd. While this is not good, in the past we chose to leave out various checks because 'servers are trusted'. Nowadays, I don't mind fixing them if a patch is provided (otherwise it isn't really high on my priority list). For the same reason (or at least one of the reasons) services like anope disable RAW support: because it's so dangerous. If you want to be on the safe side, then limit your requests to the commands listed in serverprotocol.html, and /helpop ?svscmds. Also, whenever playing with raw server commands, do so on an isolated (test) network, and not on a live network. As for WHO: Services should maintain 'state', meaning they should track which users are online (connect/disconnect) and the state of channels (join/part/kick/mode/etc). Therefore, services should never do a WHO request. Hope this clears things up :) |
|
|
Your reasoning totally understandable and I completely agree with. But I prefer to tell the extent it was still a total crash and I did not know that you are aware of this problem. Thank you :) |
|
|
fixed today. added a bunch of CommandAdd() checks in 50+ functions (note that most of these already had checks in the actual function) |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2012-10-17 12:19 | replicator | New Issue | |
| 2012-10-17 12:46 | syzop | Note Added: 0017182 | |
| 2012-10-17 12:47 | syzop | Note Edited: 0017182 | |
| 2012-10-17 13:58 | replicator | Note Added: 0017183 | |
| 2015-07-12 17:23 | syzop | Note Added: 0018476 | |
| 2015-07-12 17:23 | syzop | Status | new => resolved |
| 2015-07-12 17:23 | syzop | Fixed in Version | => 3.4-beta1 |
| 2015-07-12 17:23 | syzop | Resolution | open => fixed |
| 2015-07-12 17:23 | syzop | Assigned To | => syzop |
