ircd exploit in ircu based code

From: Kevin Day (toastyat_private)
Date: Tue Jul 13 1999 - 18:49:02 PDT


    Most irc networks using ircu-based servers have a bug that can cause users
    to segfault the server.
    
    In m_join, the code doesn't check to see if get_channel returned failure (by
    returning NULL).
    
    
    While the line numbers will probably be off, this patch will work in most
    ircu-based servers.
    
    --- ircd/channel.c	Tue Jul 13 19:58:46 1999
    +++ ircd/channel.c	Tue Jul 13 20:05:31 1999
    @@ -2004,6 +2004,12 @@
    
     	  chptr = get_channel (sptr, name, !CREATE);	/* need the TS -Kev */
    
    +	  if (!chptr) {
    +	  	sendto_one (sptr, err_str (ERR_NOSUCHCHANNEL),
    +	  		    me.name, parv[0], name);
    +	  	return(0);
    +	  }
    +	
     	  sendto_serv_butone (cptr, ":%s MODE %s +%s%s %lu", me.name, name,
     			      sendmode ? "o " : "", sendmode ? parv[0] : "",
     			      chptr->creationtime);	/* send the MODE to the
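
Review bot: The return(0) in the new "if (!chptr)" block exits the function as soon as one lookup fails, so everything the function would have done after this point is skipped. If this code sits inside a loop over several channel names (the hunk does not show that), the remaining names in the same JOIN are dropped too; confirm that is intended, or skip only the failing name. The check is in the right place, ahead of the chptr->creationtime dereference in the sendto_serv_butone call. Two smaller points: the added line after the closing brace contains only a tab and should be an empty line, and other call sites that pass !CREATE to get_channel should get the same NULL check.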
    
    
    Kevin Day
    DragonData
    ToastyMan on irc.dragondata.com (on NewNet)
    


