View Issue Details

IDProjectCategoryView StatusLast Update
0005957unrealircdpublic2021-07-09 09:08
Reporterarmyn Assigned Tosyzop  
PrioritynormalSeverityminorReproducibilityhave not tried
Status resolvedResolutionfixed 
Product Version5.2.0.1 
Fixed in Version5.2.1 
Summary0005957: Eline conflict
DescriptionToday I gline a user with this IP address: /gline *@127.133.22.93.rev.sfr.net (and /gline *@93.22.133.127)
but no luck he does not disconnect on IRC server.

I'm looking for the reason it's not logging out, I check / eline / stats except and see this:

[23:47:47] * *@127.* GkZzsbcd 0 93393 -default- localhost is always exempt

Fail of Unrealircd or not?
TagsNo tags attached.
3rd party modules

Activities

syzop

2021-07-07 08:53

administrator   ~0022084

Oh that is a funny oversight indeed. You can use /gzline (instead of /gline) to get rid of this particular user in the meantime :D

syzop

2021-07-07 09:35

administrator   ~0022085

I have marked the issue as 'private' as this is a security issue that should not be publicly known or spoken about until a fix/release is announced.
I expect to release UnreaIRCd 5.2.1 on Friday (48 hours from now). Unfortunately 5.2.1-rc1 needs 2-3 days more testing otherwise i would have released it today already.
I will also include a hot patch in the release announcement so people can fix the issue for both 5.0.9 and 5.2.x without a restart.

You can use the following command on on both 5.0.9 and 5.2.0(.x): ./unrealircd hot-patch exemptlocalhost
But please don't tell anyone yet for the next 48 hours (until release).

armyn

2021-07-07 09:37

reporter   ~0022086

@syzop ok thank, i would use gzline

armyn

2021-07-07 09:39

reporter   ~0022087

"I have marked the issue as 'private' as this is a security issue that should not be publicly known or spoken about until a fix/release is announced."
ah yes yes indeed

armyn

2021-07-07 09:43

reporter   ~0022088

>You can use the following command on on both 5.0.9 and 5.2.0 (.x): ./unrealircd hot-patch exemptlocalhost
>But please don't tell anyone yet for the next 48 hours (until release).

It's validated, it worked (but I haven't tested the gline on the other hand, because no user currently with this ip range)

syzop

2021-07-07 09:44

administrator   ~0022089

Oh and I forgot to say: thanks for the report, you have found several important bugs by now! :)

armyn

2021-07-07 09:45

reporter   ~0022090

ah yes I just did /stats except

result:
[09:45:06] * *@127.0.0.0/8 GkZzsbcd 0 176 -default- localhost is always exempt

armyn

2021-07-07 11:26

reporter   ~0022091

@Syzop there is a problem with the patch, it should not be published

armyn

2021-07-07 11:28

reporter   ~0022092

By typing this on a channel:

/mode #chan +e ~a: <account>

User cannot join the channel, there is no exception effect

armyn

2021-07-07 11:32

reporter   ~0022093

however yesterday it was working

syzop

2021-07-07 12:56

administrator   ~0022094

The patch could not have caused that. Maybe something else in your case :)

armyn

2021-07-07 15:59

reporter   ~0022095

@sysop ah yes it's resolved, it was +I ~a: <account>, not +e ~a:<account>

syzop

2021-07-07 16:47

administrator   ~0022096

Good :)

syzop

2021-07-09 09:05

administrator   ~0022099

Last edited: 2021-07-09 09:08

View 3 revisions

UnrealIRCd 5.2.1 was released today to fix it. Also announced the hot patch to fix the issue without restart.
Release announcement is in https://forums.unrealircd.org/viewtopic.php?f=1&t=9117
This bug is now no longer private but public.

Actual fix was https://github.com/unrealircd/unrealircd/commit/b398c3d1018436b5390302faa2f9c0fd67c463d5
commit b398c3d1018436b5390302faa2f9c0fd67c463d5
Author: Bram Matthys <syzop@vulnscan.org>
Date: Wed Jul 7 08:53:47 2021 +0200

    Change default exempt from 127.* to 127.0.0.0/8 so it does not match
    arbitrary hosts that have a host starting with "127.". A rather stupid
    oversight on my part, really.
    
    In the meantime, if this happens, then you can still resort to using
    ZLINE/GZLINE as a workaround to ban such a user. (The exemption won't
    match against the host because DNS lookups are not done for zlines)
    
    Reported by armyn in https://bugs.unrealircd.org/view.php?id=5957

Thanks again!

Issue History

Date Modified Username Field Change
2021-07-07 00:05 armyn New Issue
2021-07-07 08:53 syzop Note Added: 0022084
2021-07-07 09:02 syzop View Status public => private
2021-07-07 09:35 syzop Note Added: 0022085
2021-07-07 09:35 syzop Assigned To => syzop
2021-07-07 09:35 syzop Status new => confirmed
2021-07-07 09:37 armyn Note Added: 0022086
2021-07-07 09:39 armyn Note Added: 0022087
2021-07-07 09:43 armyn Note Added: 0022088
2021-07-07 09:44 syzop Note Added: 0022089
2021-07-07 09:45 armyn Note Added: 0022090
2021-07-07 11:26 armyn Note Added: 0022091
2021-07-07 11:28 armyn Note Added: 0022092
2021-07-07 11:32 armyn Note Added: 0022093
2021-07-07 12:56 syzop Note Added: 0022094
2021-07-07 15:59 armyn Note Added: 0022095
2021-07-07 16:47 syzop Note Added: 0022096
2021-07-09 09:05 syzop View Status private => public
2021-07-09 09:05 syzop Note Added: 0022099
2021-07-09 09:06 syzop Status confirmed => resolved
2021-07-09 09:06 syzop Resolution open => fixed
2021-07-09 09:06 syzop Fixed in Version => 5.2.1
2021-07-09 09:07 syzop Note Edited: 0022099 View Revisions
2021-07-09 09:08 syzop Note Edited: 0022099 View Revisions