View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0005704unrealircdpublic2020-06-09 13:222020-06-10 08:29
Reporterk4be Assigned Tosyzop  
PrioritynormalSeveritymajorReproducibilityalways
Status resolvedResolutionfixed 
Product Version5.0.5 
Fixed in Version5.0.5.1 
Summary0005704: labeled-response on websocket connections result in invalid messages from server
Description← @label=3 PRIVMSG #testtest :test test test test test
@label=3 �~
← @label=4 PRIVMSG #testtest :teeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeest
@label=4 �~@time=2020-06-09T11:21:50.814Z;msgid=ti7xvP7vEoAkokWrslQ45g;account=testowy :testowy!pirc@2a01:112f:911:c000:84a7:ab64:a9b8:afe3 PRIVMSG #testtest :teeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeees
TagsNo tags attached.
3rd party modules

Activities

k4be

2020-06-09 14:55

developer   ~0021615

I've provided a fix at https://github.com/unrealircd/unrealircd/pull/116

syzop

2020-06-09 18:20

administrator   ~0021617

Last edited: 2020-06-09 18:20

 Set as private due to unknown security impact (looks like uninitialized memory or something)

k4be

2020-06-09 19:49

developer   ~0021618

Last edited: 2020-06-09 19:51

 Looks to me like websocket packets being tagged with @label and encapsulated one more time.

syzop

2020-06-10 08:04

administrator   ~0021619

Last edited: 2020-06-10 08:28

 Ah, right, I got confused by the low ascii characters in your output, but that was simply raw websocket traffic.

Your pull request makes sense with the priorities and such, but I am wondering why it seems to be working OK here:

At the websocket side:
SENT: @label=zzz PRIVMSG #xyz :hello everyone
RCVD: @label=zzz;time=2020-06-10T05:59:51.431Z;msgid=19auIhZtcehP1Se52JhaJm :[email protected] PRIVMSG #xyz :hello everyone

That is with the following caps enabled: labeled-response message-tags batch echo-message

I'm probably missing something? ;)

syzop

2020-06-10 08:10

administrator   ~0021620

Ah, right, if I load modules.optional.conf before modules.default.conf then I can reproduce. Ok.

I will change the priorities inspired by your PR but slightly different. I think we should change labeled-response priorities as well.

syzop

2020-06-10 08:29

administrator   ~0021621

Fixed in https://github.com/unrealircd/unrealircd/commit/dcb89f933e10af3148bde9188308ba853ab907ff

Issue History

Date Modified Username Field Change
2020-06-09 13:22 k4be New Issue
2020-06-09 14:55 k4be Note Added: 0021615
2020-06-09 18:20 syzop View Status public => private
2020-06-09 18:20 syzop Note Added: 0021617
2020-06-09 18:20 syzop Note Edited: 0021617
2020-06-09 19:49 k4be Note Added: 0021618
2020-06-09 19:51 k4be Note Edited: 0021618
2020-06-10 08:04 syzop Note Added: 0021619
2020-06-10 08:10 syzop Note Added: 0021620
2020-06-10 08:28 syzop View Status private => public
2020-06-10 08:28 syzop Note Edited: 0021619
2020-06-10 08:29 syzop Assigned To => syzop
2020-06-10 08:29 syzop Status new => resolved
2020-06-10 08:29 syzop Resolution open => fixed
2020-06-10 08:29 syzop Fixed in Version => 5.0.5.1
2020-06-10 08:29 syzop Note Added: 0021621