View Issue Details

IDProjectCategoryView StatusLast Update
0005166unrealircdpublic2019-01-21 16:57
ReporterSt3Nl3yAssigned Tosyzop 
PrioritynormalSeverityminorReproducibilityN/A
Status resolvedResolutionfixed 
Product Version4.0.18 
Target VersionFixed in Version4.2.2-rc1 
Summary0005166: Block CTCP while on umode +T
DescriptionNow a user with umode +T can send "/ctcp nick version" when nick sends a version reply, but nick wont get its version reply because of umode +T

My suggestion will be:
When a user has umode +T, complete block sending ctcp's and/or give a notice that when +T is enabled: "ctcp is disabled please use /mode yournickname -T if you want to use CTCP"
Steps To Reproduce/mode Stanley +T
/ctcp test version
Additional InformationMy suggestion will be:
When a user has umode +T, complete block sending ctcp's and/or give a notice that when +T is enabled: "ctcp is disabled please use /mode yournickname -T if you want to use CTCP"
TagsUMODE
3rd party modules

Activities

HeXiLeD

2018-12-27 22:46

reporter   ~0020425

So, you are saying that if I am using +T, I should not be able to request version from another person ?
Have this in mind https://forums.unrealircd.org/viewtopic.php?f=52&t=8714

and I do not think that +T should block both the requester and the sender.
+T is set by default to anyone on my network. The user is then able to set -T as per need.
Admins will bypass +T for obvious reasons.

HeXiLeD

2018-12-27 22:48

reporter   ~0020426

And also https://forums.unrealircd.org/viewtopic.php?f=52&t=8706 which I forgot to include the previous reply. (should be merged)

Koragg

2018-12-27 23:01

reporter   ~0020427

@HeXiLeD if the sender has umode +T but the recipient does NOT have it, the sender will still NOT receive a CTCP reply so yes this does block both even if only the sender has it, This behaviour does sound un-intuitive (assuming both are regular users, no opers). Certanily still occurs on UnrealIRCd 4.2.0 (not tested on 4.2.1 yet though).

Regards,

Koragg

HeXiLeD

2018-12-27 23:35

reporter   ~0020428

@Koragg you are correct and I confirm the issue with 4.2.0. The requester/sender while with +T should be able to receive the ctcp reply to from a user with -T in the case of both non opers. Currently this is behavior does not occur and needs a fix.

For the oper situation, the mentioned module works as intended.

Koragg

2018-12-28 00:00

reporter   ~0020429

Yup, absolutely as it should be and thank You very much for confirming my discoveries. The non-oper scenario has been bugging me for a while now in UnrealIRCd (I often use the mode but many do not on the networks I am on that use UnrealIRCd) and just thought as someone had reported this finding, I would confirm it for them. Hop fully the purely user situation can be fixed soon!

Regards,

Koragg

syzop

2019-01-21 16:57

administrator   ~0020462

commit 083826ee949d7f8b884f4d133a804cf384c14b3a (HEAD -> unreal42, origin/unreal42)
Author: Bram Matthys <syzop@vulnscan.org>
Date: Mon Jan 21 16:55:29 2019 +0100

    modules/usermodes/noctcp (+T): 1) only block CTCP's and not CTCP REPLIES,
    2) allow IRCOps to bypass user mode +T restrictions. Reported by St3Nl3y,
    HeXiLeD and Koragg in https://bugs.unrealircd.org/view.php?id=5166

https://github.com/unrealircd/unrealircd/commit/083826ee949d7f8b884f4d133a804cf384c14b3a

Issue History

Date Modified Username Field Change
2018-12-08 14:06 St3Nl3y New Issue
2018-12-08 14:06 St3Nl3y Tag Attached: UMODE
2018-12-27 22:46 HeXiLeD Note Added: 0020425
2018-12-27 22:48 HeXiLeD Note Added: 0020426
2018-12-27 23:01 Koragg Note Added: 0020427
2018-12-27 23:35 HeXiLeD Note Added: 0020428
2018-12-28 00:00 Koragg Note Added: 0020429
2019-01-21 16:57 syzop Assigned To => syzop
2019-01-21 16:57 syzop Status new => resolved
2019-01-21 16:57 syzop Resolution open => fixed
2019-01-21 16:57 syzop Fixed in Version => 4.2.2-rc1
2019-01-21 16:57 syzop Note Added: 0020462