0006068: User real IP exposed when doing "/HostServ off" (using Anope) if the IRC client doesn't support CHGHOST capability - UnrealIRCd Bug Tracker

ID	Project	Category	View Status	Date Submitted	Last Update

0006068	unreal	ircd	public	2022-02-08 00:49	2022-03-23 07:46

Reporter	PeGaSuS	Assigned To	syzop
Priority	normal	Severity	minor	Reproducibility	always
Status	closed	Resolution	no change required
Platform	Linux	OS	Ubuntu	OS Version	20.04
Product Version	6.0.2

Summary	0006068: User real IP exposed when doing "/HostServ off" (using Anope) if the IRC client doesn't support CHGHOST capability
Description	When we have set::allow-userhost-change (https://www.unrealircd.org/docs/Set_block#set::allow-userhost-change) set to "force-rejoin", every time a user does "/hostserv off" (using Anope) the user real IP is exposed for a fraction of a second if the IRC client doesn't support the CHGHOST capability (or if you remove it with "/cap req -chghost"). IRCCloud seems to have a similar behavior although it has CHGHOST support. I'm unsure if this is a services issue or an IRCd issue.
Steps To Reproduce	1) Set set::allow-userhost-change to "force-rejoin" 2) Join the network with an IRC client like Hexchat and do "/cap req -chghost" 3) Do "/hs off" with another nick
Additional Information	Output with "/cap req -chghost" on Hexchat: [08/02/2022 - 00:16:02] * LocalGhost (uid376365@PTirc/Users/James) has left (Changing host) [08/02/2022 - 00:16:02] * LocalGhost ([email protected]) has joined [08/02/2022 - 00:16:02] * irc3.ptirc.org sets modes [#Portugal +o LocalGhost] [08/02/2022 - 00:16:02] * LocalGhost ([email protected]) has left (Changing host) [08/02/2022 - 00:16:02] * LocalGhost (uid376365@32E4615F:15F25CF6:80AEFEA0:IP) has joined [08/02/2022 - 00:16:02] * irc3.ptirc.org sets modes [#Portugal +o LocalGhost] Output from IRCCloud (which has CHGHOST support and I didn't disabled it) which is more compact: 00:16:02 @LocalGhost changed host: uid376365@PTirc/Users/James → [email protected] 00:16:03 @LocalGhost changed host: [email protected] → uid376365@32E4615F:15F25CF6:80AEFEA0:IP
Tags	No tags attached.

3rd party modules

Jobe 2022-02-08 00:53 reporter ~0022398	Have you got a raw protocol log of the messages Anope sends to UnrealIRCd as a direct result of the /hs off request? Because this looks a little to me like a combination of actions rather then a single action so need clarification on that from the raw log.

Jobe 2022-02-08 01:11 reporter ~0022399	Never mind, we discussed this on #anope, it appears Anope was sending -xt and then a separate +x, instead of simply sending a -t, this resulted in 2 separate host change events and thus 2 separate part+join resyncs.

PeGaSuS 2022-02-08 01:18 reporter ~0022400	I've submitted a PR to Anope (https://github.com/anope/anope/pull/289) that should fix this behavior. Tested on lt network with the expected results.

PeGaSuS 2022-02-08 01:19 reporter ~0022401	*Tested on my network with the expected results. (can't edit previous post)

syzop 2022-03-23 07:46 administrator ~0022416	Good :)

Date Modified	Username	Field	Change
2022-02-08 00:49	PeGaSuS	New Issue
2022-02-08 00:53	Jobe	Note Added: 0022398
2022-02-08 01:11	Jobe	Note Added: 0022399
2022-02-08 01:18	PeGaSuS	Note Added: 0022400
2022-02-08 01:19	PeGaSuS	Note Added: 0022401
2022-03-23 07:46	syzop	Assigned To	=> syzop
2022-03-23 07:46	syzop	Status	new => closed
2022-03-23 07:46	syzop	Resolution	open => no change required
2022-03-23 07:46	syzop	Note Added: 0022416