View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0006471 | unreal | ircd | public | 2024-09-20 02:54 | 2024-09-23 17:26 |
| Reporter | craftxbox | Assigned To | syzop | ||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | resolved | Resolution | fixed | ||
| Platform | x86_64 | OS | Linux | OS Version | Ubuntu 18 & 20 |
| Product Version | 6.1.7.2 | ||||
| Fixed in Version | 6.1.8-rc1 | ||||
| Summary | 0006471: IRCD hangs infinitely on operclass which has itself as a parent. | ||||
| Description | Creating an operclass that has itself as a parent causes the IRCD to hang indefinitely when someone OPER's into it. | ||||
| Steps To Reproduce | Define an operclass and oper block as follows: ``` operclass test { parent test; permissions {}; } oper test { match *@*; password "test"; operclass test; class opers; } ``` Rehash or start the IRCD, then login, and /OPER into the block just defined. Observe the IRCD hang. | ||||
| Tags | bug, conf | ||||
| 3rd party modules | |||||
|
|
If it's of any help, here's a backtrace I took while this hang was occuring: Thread 1 "unrealircd" received signal SIGINT, Interrupt. __strcmp_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:203 203 in ../sysdeps/x86_64/multiarch/../strcmp.S (gdb) bt #0 __strcmp_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:203 #1 0x000000000803c779 in find_operclass (name=0x8d7c190 "test") at conf.c:3170 #2 0x000000000802f0ed in ValidatePermissionsForPath ( path=path@entry=0x7ffffcc93289 "immune:maxchannelsperuser", client=client@entry=0x8f83e68, victim=victim@entry=0x0, channel=channel@entry=0x0, extra=extra@entry=0x0) at operclass.c:338 #3 0x00007ffffcc92c3a in _do_join (client=0x8f83e68, parc=<optimized out>, parv=<optimized out>) at join.c:449 #4 0x00007ffffcc91b6d in cmd_join (client=0x8f83e68, recv_mtags=<optimized out>, parc=3, parv=0x7ffffffea0b0) at join.c:168 #5 0x0000000008073075 in do_cmd (client=client@entry=0x8f83e68, mtags=<optimized out>, mtags@entry=0x0, cmd=cmd@entry=0x7ffff6152695 "JOIN", parc=parc@entry=3, parv=parv@entry=0x7ffffffea0b0) at api-command.c:204 #6 0x00007ffff6152475 in _make_oper (client=0x8f83e68, operblock_name=<optimized out>, operclass=0x8d74360 "test", clientclass=<optimized out>, modes=0, snomask=<optimized out>, vhost=0x0, autojoin_channels=<optimized out>) at oper.c:167 #7 0x00007ffff61517f2 in cmd_oper (client=0x8f83e68, recv_mtags=<optimized out>, parc=<optimized out>, parv=0x869a500 <para>) at oper.c:337 0000008 0x000000000802d5fc in parse2 (line=<optimized out>, mtags_bytes=<optimized out>, mtags=0x0, fromptr=<synthetic pointer>, cptr=0x8f83e68) at parse.c:562 #9 parse (cptr=cptr@entry=0x8f83e68, buffer=<optimized out>, buffer@entry=0x7ffffffea240 "oper", length=<optimized out>) at parse.c:237 #10 0x000000000802d68d in dopacket (client=client@entry=0x8f83e68, ffea240 "oper", length=<optimized out>) at parse.c:164 #11 0x000000000802d799 in parse_client_queued (client=client@entry=0x8f83e68) at parse.c:135 #12 0x000000000802d835 in process_packet (client=client@entry=0x8f83e68, readbuf=readbuf@entry=0x86db5c0 <readbuf> "oper test test\r\n7\r\nra,152\r\na,152\r\nname\":\"server\",\"version\":\"1.0.0\"},{\"name\":\"channel\",\"version\":\"1.0.5\"},{\"name\":\"server_ban\",\"version\":\"1.0.3\"},{\"name\":\"server_ban_exception\",\"version\":\"1.0.1\"},{\"nam"..., length=<optimized out>, killsafely=killsafely@entry=0) at parse.c:57 #13 0x000000000805dd3d in read_packet (fd=21, revents=<optimized out>, data=0x8f83e68) at socket.c:1269 #14 0x00000000080508cf in fd_select (delay=<optimized out>) at dispatch.c:518 #15 0x000000000801e168 in SocketLoop (dummy=<optimized out>) at ircd.c:981 #16 0x000000000801ce22 in main (argc=0, argv=0x7ffffffee5b0) at ircd.c:948 |
|
|
Thanks, fixed now in https://github.com/unrealircd/unrealircd/commit/7765f226bea3612a2db9e09a386fd1a32b62ac78 And yes, those reports are good, we don't want UnrealIRCd to crash or hang on a configuration mistake :) commit 7765f226bea3612a2db9e09a386fd1a32b62ac78 (HEAD -> unreal60_dev, origin/unreal60_dev, origin/HEAD) Author: Bram Matthys <[email protected]> Date: Mon Sep 23 17:21:13 2024 +0200 Detect operclass::parent loops. Reported by craftxbox in https://bugs.unrealircd.org/view.php?id=6471 |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2024-09-20 02:54 | craftxbox | New Issue | |
| 2024-09-20 02:54 | craftxbox | Tag Attached: bug | |
| 2024-09-20 02:54 | craftxbox | Tag Attached: conf | |
| 2024-09-20 02:59 | craftxbox | Note Added: 0023357 | |
| 2024-09-23 17:26 | syzop | Assigned To | => syzop |
| 2024-09-23 17:26 | syzop | Status | new => resolved |
| 2024-09-23 17:26 | syzop | Resolution | open => fixed |
| 2024-09-23 17:26 | syzop | Fixed in Version | => 6.1.8-rc1 |
| 2024-09-23 17:26 | syzop | Note Added: 0023377 |
