View Issue Details

IDProjectCategoryView StatusLast Update
0005708unrealircdpublic2020-07-14 18:59
Reporterk4be Assigned To 
PrioritynormalSeverityminorReproducibilityalways
Status acknowledgedResolutionopen 
Product Version5.0.5.1 
Summary0005708: Multiple lines (\r\n) in single websocket frame with labeled-response
DescriptionThe first three replies are sent in a single frame when using websocket (this seems to happen on every BATCH, for example replies for HISTORY and WHOIS commands).

← @label=xxx history #testtest

In a single packet:
→ @label=xxx :test3.pirc.pl BATCH +PbZCD0QZGMMHQwa7KU5Y4V labeled-response
→ @batch=PbZCD0QZGMMHQwa7KU5Y4V :test3.pirc.pl BATCH +2CrEHYl23nQnHSS4KOolGT chathistory #testtest
→ @batch=PbZCD0QZGMMHQwa7KU5Y4V;batch=2CrEHYl23nQnHSS4KOolGT;time=2020-06-12T13:56:03.465Z;msgid=i5gz6M8Qw0hWThWnCyJQFa :k4be!testowy@127.0.0.1 PRIVMSG #testtest :7

Then the rest (every line in their own packet):
→ @batch=2CrEHYl23nQnHSS4KOolGT;time=2020-06-12T13:56:05.306Z;msgid=n9AFDtvL1QSpclJltL9WX9 :k4be!testowy@127.0.0.1 PRIVMSG #testtest :8
→ @batch=2CrEHYl23nQnHSS4KOolGT;time=2020-06-12T13:56:07.204Z;msgid=mvIN1kI7vzGbFSNhPFpsIU :k4be!testowy@127.0.0.1 PRIVMSG #testtest :9
...
Steps To ReproduceCreate a channel, set +H and store some history entries. Then do:
cap req :labeled-response batch server-time message-tags
@label=xxx history #testtest
TagsNo tags attached.
3rd party modules

Activities

syzop

2020-06-12 17:57

administrator   ~0021628

Thanks, probably not very easy to fix but we'll look into it (not very soon, though).

syzop

2020-07-14 18:59

administrator   ~0021663

websocket_create_frame() would need to be rewritten with some kind of loop. However, that needs to be done very carefully as it is very easy to make a small mistake there that lead to crashes and security issues. I don't have time for that at this very moment... and tbh I don't trust anyone else ;)

Issue History

Date Modified Username Field Change
2020-06-12 17:38 k4be New Issue
2020-06-12 17:40 k4be Description Updated View Revisions
2020-06-12 17:40 k4be Steps to Reproduce Updated View Revisions
2020-06-12 17:45 syzop Summary Invalid BATCH behaviour when using labeled-response or websocket => Multiple lines (\r\n) in single websocket frame with labeled-response
2020-06-12 17:45 syzop Description Updated View Revisions
2020-06-12 17:48 k4be Description Updated View Revisions
2020-06-12 17:48 k4be Steps to Reproduce Updated View Revisions
2020-06-12 17:56 syzop Description Updated View Revisions
2020-06-12 17:57 syzop Status new => acknowledged
2020-06-12 17:57 syzop Note Added: 0021628
2020-07-14 18:59 syzop Note Added: 0021663