View Issue Details

IDProjectCategoryView StatusLast Update
0006004unrealircdpublic2023-03-18 14:16
Reporterprogval Assigned Tosyzop  
PrioritynormalSeverityminorReproducibilityalways
Status resolvedResolutionfixed 
Product Version5.2.2 
Fixed in Version6.0.7 
Summary0006004: The optional <target> parameter of INFO is ignored
DescriptionBoth RFCs and the Modern spec define an optional parameter to the INFO command

* https://datatracker.ietf.org/doc/html/rfc1459#section-4.3.8
* https://datatracker.ietf.org/doc/html/rfc2812#section-3.4.10
* https://modern.ircdocs.horse/#rplendofinfo-374

Some Unreal configs seem to ignore it, and always return the info of the local server.
Steps To Reproducefirst scenario:

1. link two servers with different versions (let's call them serverA and serverB)
2. connect to serverA
3. send "INFO serverB"
4. version of serverA is returned, instead of serverB's

second scenario:

1. connect to any server
2. send "INFO invalid.server"
3. info for serverA is returned, instead of ERR_NOSUCHSERVER
Additional InformationIt's unclear to me when/why it happens, but it currently does on irc1.unrealircd.org.
TagsNo tags attached.
3rd party modules

Activities

progval

2021-11-20 13:03

reporter   ~0022196

Someone identified why it happens: remote /info is oper-only https://github.com/unrealircd/unrealircd/blob/b3b40e62c52085f40837385b5407b70899960a03/src/serv.c#L344

syzop

2021-11-29 18:26

administrator   ~0022223

Yeah exactly, this is done to prevent major flooding issues. Regardless of that, I also think it is fine not to show this info to users to remote servers (ones that they may not even have direct access to)

We could perhaps send ERR_NOPRIVILEGES instead of just converting it to local, that would be less confusing. So leaving this bug open to do that.

syzop

2023-03-18 14:16

administrator   ~0022781

And done now, thanks for bringing it up, I think this is better.
https://github.com/unrealircd/unrealircd/commit/99c3f8688e857f6d4162ced2a953de244f3a2a30

commit 99c3f8688e857f6d4162ced2a953de244f3a2a30 (HEAD -> unreal60_dev, origin/unreal60_dev, origin/HEAD)
Author: Bram Matthys <[email protected]>
Date: Sat Mar 18 14:11:48 2023 +0100

    When we blocked remote requests for CREDITS/INFO/LICENSE 10 years ago
    due to flood attacks, back then we changed the argument silently to
    point to our own server, eg 'INFO some.remote.server' ended up being
    'INFO' (local server) when requested by non-IRCOps.
    Now, we simply return "Permission denied" in such cases, which is
    more clear and explicit.
    Reported by progval in https://bugs.unrealircd.org/view.php?id=6004

Issue History

Date Modified Username Field Change
2021-11-20 12:44 progval New Issue
2021-11-20 13:03 progval Note Added: 0022196
2021-11-29 18:26 syzop Note Added: 0022223
2021-11-29 18:26 syzop Assigned To => syzop
2021-11-29 18:26 syzop Status new => acknowledged
2023-03-18 14:16 syzop Status acknowledged => resolved
2023-03-18 14:16 syzop Resolution open => fixed
2023-03-18 14:16 syzop Fixed in Version => 6.0.7
2023-03-18 14:16 syzop Note Added: 0022781