View Issue Details

ID  Project  Category  View Status  Last Update
0006339  unrealircd  public  2023-09-10 09:41
Reporter: PeGaSuS
Assigned To:
Status: new
Resolution: open
Platform: Linux
OS: Ubuntu
OS Version: 22.04
Product Version: 6.1.1.1
Summary: 0006339: UnrealIRCd doesn't do any sanity checks on extbans
Description: Apparently UnrealIRCd doesn't do any kind of sanity checks on extbans.

The `~flood` extban should be only available as +e, but while setting it as:
/mode #channel +b ~flood:~account:test

throws a "Ban type ~flood only works with exceptions (+e) and not with bans or invex (+b/+I)"
setting it as:
/mode #channel +b ~account:~flood:test

it sets the extban without checking order and/or if an extban can be used with some other one.
Tags: No tags attached.
3rd party modules:



2023-09-10 01:15

reporter   ~0023033

I didn't test other extbans combos but it probably has the same issue


2023-09-10 09:39

administrator   ~0023034

Last edited: 2023-09-10 09:41

Yeah, I understand what you mean, though obviously ~account:~flood:test makes no sense, so I don't think it is that much of an issue, or at least not to humans.

When you have ~account:, the stuff after that is the account name, so "~flood:test" is the account name here. Now perhaps ~ is a forbidden character in an account name, I have no idea, maybe not, so perhaps we could forbid a ~ at the start there to avoid confusion. I actually don't know the rules for account names. If we make a mistake there then you create account names that cannot be exempted/banned.
I did something similar with ~realname back in the early days (~r back then): there the first character can't be ~, it auto replaces it with a ? (question mark). So ~realname:~xyz* becomes ~realname:?xyz*. Since it usually isn't that much of a problem, a situation that is rather rare and avoids some confusion, like you mentioned.
But, on the other hand, there are legit ~ cases, for example for ~channel you can give a symbol like ~channel:@#hasopshere but also ~channel:~#hasownerhere... so there is the ~ again. I suppose due to the # there won't be much confusion, but just to illustrate that a ~ is not guaranteed to be forbidden as a first character.
The only other selectors that could have a ~ directly after would be operclass and security-group but that sounds rather rare (actually I think security group has to be a-zA-Z0-9_-).
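
The parsing described in the note above, as an added C example (not UnrealIRCd's own code and not part of the original issue): the first ~name: decides the type and the rest is its parameter, so ~account:~flood:test never reaches the ~flood check. The verdict names, rule table and both functions are hypothetical, and flagging a leading ~ in an ~account parameter is the possible restriction the note floats, not existing behaviour.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical verdicts and rule table, built only from what this issue says. */
enum verdict { EXT_OK, EXT_NOT_EXTBAN, EXT_UNKNOWN, EXT_ONLY_EXCEPT, EXT_TILDE_PARAM };
struct rule { const char *name; int exception_only; int tilde_ok; };
static const struct rule rules[] = {
    { "flood",    1, 1 }, /* only valid in +e; its parameter syntax is not judged here */
    { "account",  0, 0 }, /* everything after the colon is the account name */
    { "realname", 0, 0 }, /* a leading ~ in the parameter gets rewritten to ? */
    { "channel",  0, 1 }, /* ~channel:~#chan uses ~ as a legitimate prefix */
};
/* Classify one mask being set with channel mode 'b', 'e' or 'I'. */
enum verdict lint_extban(char mode, const char *mask)
{
    const char *colon = strchr(mask, ':');
    size_t i, n;
    if (mask[0] != '~' || !colon)
        return EXT_NOT_EXTBAN;
    n = (size_t)(colon - mask) - 1; /* length of the type name after the '~' */
    for (i = 0; i < sizeof(rules) / sizeof(rules[0]); i++) {
        if (strlen(rules[i].name) != n || strncmp(mask + 1, rules[i].name, n) != 0)
            continue;
        if (rules[i].exception_only && mode != 'e')
            return EXT_ONLY_EXCEPT;
        if (!rules[i].tilde_ok && colon[1] == '~')
            return EXT_TILDE_PARAM; /* looks like a nested extban, is a literal */
        return EXT_OK;
    }
    return EXT_UNKNOWN; /* types not mentioned in the issue are not judged */
}

/* The ~realname approach from the note: '~' at the start of the parameter becomes '?'. */
int neutralize_param(char *mask)
{
    char *colon = strchr(mask, ':');
    if (mask[0] != '~' || !colon || colon[1] != '~')
        return 0;
    colon[1] = '?';
    return 1; /* mask was changed in place */
}

int main(void)
{
    char m[] = "~realname:~xyz*"; /* all masks here are the ones quoted in the issue */
    printf("%d\n", lint_extban('b', "~flood:~account:test"));
    printf("%d\n", lint_extban('b', "~account:~flood:test"));
    printf("%d %s\n", neutralize_param(m), m);
    return 0;
}
```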

Issue History

Date Modified Username Field Change
2023-09-10 00:52 PeGaSuS New Issue
2023-09-10 01:15 PeGaSuS Note Added: 0023033
2023-09-10 09:39 syzop Note Added: 0023034
2023-09-10 09:40 syzop Note Edited: 0023034
2023-09-10 09:41 syzop Note Edited: 0023034