View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0005925 | unreal | ircd | public | 2021-06-24 07:23 | 2021-06-25 11:54 |
Reporter | Valware | Assigned To | syzop | ||
Priority | normal | Severity | tweak | Reproducibility | always |
Status | resolved | Resolution | fixed | ||
Product Version | 5.2.0 | ||||
Fixed in Version | 5.2.1-rc1 | ||||
Summary | 0005925: Validate UID in UID command | ||||
Description | It is possible to send an invalid UID (even a normal nick) as the UID parameter in the UID command (so the 6th parameter). Tried this myself using a pseudoserver and confirmed I can do it. | ||||
Tags | No tags attached. | ||||
3rd party modules | |||||
|
Can you show, like a paste of traffic (line) and then referencing what you think is wrong? |
|
This isn't actually anope, but I noticed that they were set this way in anope's anope_user SQL table, and connecting with it as a credential allows it:

    :69L UID NickServ 0 1624497040 services services.host NickServ 0 +oS * Clk-BA0161F4.host * :Nickname Registration Service

The 8th token here, which I believe is UID. I'm not 100% on what's what, but I was told somewhere twice that a UID is supposed to start with a digit because the first three chars are supposed to reflect the SID. |
|
Ah ok, because yeah.. anope traffic looks fine, it uses a proper UID. I'll remove all anope references and update the title of this bug to reflect the need for validation of the UID parameter. |
|
Thanks for the report, should now be fixed. It should not affect any services out there. If it does, do let me know.

https://github.com/unrealircd/unrealircd/commit/26a3444f4e530c1fa5b86d98c93418a5652aab4d

commit 26a3444f4e530c1fa5b86d98c93418a5652aab4d (HEAD -> unreal52, origin/unreal52, origin/HEAD)
Author: Bram Matthys <[email protected]>
Date: Fri Jun 25 11:43:52 2021 +0200

    Validate the UID in cmd_uid(). Reported by Valware in
    https://bugs.unrealircd.org/view.php?id=5925

    This does two things in cmd_uid() now:
    * It checks if parameter 6 in UID is a valid UID, using valid_uid()
    * It checks if the first 3 characters of the UID match the SID |
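
The two checks listed in the commit message above, sketched as an added example; this is not UnrealIRCd's code, and its `valid_uid()` may apply different rules. The names `token_at`, `uid_syntax_ok` and `check_uid_line` are hypothetical, and the assumed UID format (9 characters: a digit, then digits or A-Z, with the first 3 equal to the sending server's SID) is an assumption, not taken from the project.

```c
#include <ctype.h>
#include <string.h>

#define SID_LEN 3 /* assumption: 3-character server ID */
#define UID_LEN 9 /* assumption: SID followed by 6 more characters */
enum uid_check { UID_OK, UID_MALFORMED, UID_BAD_SYNTAX, UID_SID_MISMATCH };

/* Return the n-th (0-based) space-separated token of s and its length. */
static const char *token_at(const char *s, int n, size_t *len)
{
    for (;; s += *len) {
        s += strspn(s, " ");
        if ((*len = strcspn(s, " ")) == 0)
            return NULL;            /* ran out of tokens */
        if (n-- == 0)
            return s;
    }
}

/* Hypothetical syntax rule: fixed length, leading digit, then 0-9 / A-Z. */
static int uid_syntax_ok(const char *uid, size_t len)
{
    size_t i;
    if (len != UID_LEN || !isdigit((unsigned char)uid[0]))
        return 0;
    for (i = 1; i < len; i++)
        if (!isdigit((unsigned char)uid[i]) && !isupper((unsigned char)uid[i]))
            return 0;
    return 1;
}

/* Check parameter 6 of a raw ":<SID> UID <p1> ... <p6> ..." server line. */
enum uid_check check_uid_line(const char *line)
{
    size_t src_len, cmd_len, uid_len = 0;
    const char *src = token_at(line, 0, &src_len);
    const char *cmd = token_at(line, 1, &cmd_len), *uid = NULL;
    int i;
    if (!src || src[0] != ':' || src_len != SID_LEN + 1 ||
        !cmd || cmd_len != 3 || memcmp(cmd, "UID", 3) != 0)
        return UID_MALFORMED;
    for (i = 2; i <= 7; i++) {      /* tokens 2..7 are parameters 1..6 */
        uid = token_at(line, i, &uid_len);
        if (!uid || uid[0] == ':')  /* trailing parameter began too early */
            return UID_MALFORMED;
    }
    if (!uid_syntax_ok(uid, uid_len))
        return UID_BAD_SYNTAX;      /* e.g. a plain nick sent as the UID */
    return memcmp(uid, src + 1, SID_LEN) == 0 ? UID_OK : UID_SID_MISMATCH;
}
```

Fed the line quoted in the report, `check_uid_line()` returns `UID_BAD_SYNTAX` because parameter 6 is `NickServ`; a receiving server would reject such a line rather than introduce the user.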
Date Modified | Username | Field | Change |
---|---|---|---|
2021-06-24 07:23 | Valware | New Issue | |
2021-06-24 17:03 | syzop | Note Added: 0022027 | |
2021-06-24 17:04 | syzop | Assigned To | => syzop |
2021-06-24 17:04 | syzop | Status | new => feedback |
2021-06-24 17:17 | Valware | Note Added: 0022028 | |
2021-06-24 17:50 | syzop | Summary | UIDs can (and are in the case of anope) not reflect SID => Validate UID in UID command |
2021-06-24 17:50 | syzop | Description Updated | |
2021-06-24 17:50 | syzop | Steps to Reproduce Updated | |
2021-06-24 17:50 | syzop | Note Added: 0022029 | |
2021-06-24 17:50 | syzop | Status | feedback => confirmed |
2021-06-24 17:53 | syzop | Note Edited: 0022029 | |
2021-06-25 11:37 | syzop | Priority | low => normal |
2021-06-25 11:54 | syzop | Status | confirmed => resolved |
2021-06-25 11:54 | syzop | Resolution | open => fixed |
2021-06-25 11:54 | syzop | Fixed in Version | => 5.2.1-rc1 |
2021-06-25 11:54 | syzop | Note Added: 0022031 |