The code in mo_info() and ms_info() is fubar'ed and results in global opers *NOT* seeing either the oh-so-grateful-to-our-ancestors infotext, or the perhaps more critical md5 hashes of all of the .c and .h files coded. Moreover, it violates HIS in a very tiny way by allowing lusers to see the md5 hashes for the first two files (usually IPCheck.c and channel.c, but I've seen (on production servers) channel.c and class.c).
This is not the level of bug that I thought needed to go on bugs(), despite the *TINY* HIS violation. Someone slap me if my judgment is way off here. Bugs and corrections follow. -AK

To see this, for example, look at the code in mo_oper() beginning line 177:

    177:   while (text[212])
    178:   {
    179:     if (!IsOper(sptr))
    180:       send_reply(sptr, RPL_INFO, *text);
    181:     text++;
    182:   }
    183:   if (IsOper(sptr) && (NULL != parv[1]))
    184:   {
    185:     while (*text)
    186:       send_reply(sptr, RPL_INFO, *text++);
    187:     send_reply(sptr, RPL_INFO, "");
    188:   }

There are actually a few errors in here. Firstly, I presume that the IsOper() check is necessary because for whatever reason we don't want locops to see the hashes, but that's somewhat of an assumption. Hell, if I had my way, everyone would be able to see that info, but HIS, I know. Anyway, with that assumption in place, lines 180 and 181 need to be braced together; otherwise what the server is doing when one of its own +o/+O clients does "/info" is:

(A) [FIRST BUG] In the while loop at line 177:
    a. Is he a locop? OK, then send the first 210 lines of the version info file and then the first two server file hashes [at some point the version file must have been 212 lines]
    b. Is he an oper? Then don't even do that, but advance to 2 lines past the end of the version info file

(B) [SECOND BUG] After the while loop at line 183, the parv[1] will always be null because we're in mo_oper and we already determined that hunt_server_cmd() == HUNTED_ISME earlier in the function.
    a. So don't show him the rest of the info text either.
I fixed it in my copy by replacing the whole 177-188 block by the following:

    if (!IsOper(sptr))
      m_info(cptr, sptr, parc, parv); /* the comments say one m_* function can call another, so why not actually try it : ) */
    if (IsOper(sptr))
    {
      while (*text)
        send_reply(sptr, RPL_INFO, *text++);
      send_reply(sptr, RPL_INFO, "");
    }

Correspondingly, if we don't mind showing locops the hashes (and why should we?), we could just replace the whole block by:

    while (*text)
      send_reply(sptr, RPL_INFO, *text++);
    send_reply(sptr, RPL_INFO, "");

Likewise, ms_info is fubar'ed. The corresponding code in ms_server starts at line 144, and should just be replaced by the while loop I put above, as ms_server is /info won't propagate but for opers. (Yes, enclose it in an if(IsOper(sptr)) if you need to hide the hashes from locops. Personally I think you don't.)

author: aa...@aaronskaufman.com
LAW OFFICE OF Aaron S. Kaufman and Associates, LLC
368 Veterans Memorial Highway Suite 6, Commack, NY 11725
(631)-366-2172 - fax: (631)-366-1728
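Added example, not part of the original message or of the server source: a small C model of the control flow in the quoted lines 177-188 and of the oper branch of the proposed replacement, tallying what each kind of client receives. The array contents, TAIL (standing in for 212), struct seen, deliver(), original_block() and replacement_block() are assumptions made for illustration; the layout (credit lines first, hash lines last) follows the description in the message.

```c
#include <stdio.h>
#include <string.h>
#define TAIL 3  /* stands in for the hard-coded 212 in the quoted loop */
/* Constructed sample: 4 credit lines, then 5 hash lines, NULL-terminated. */
static const char *sample_text[] = {
  "credit 1", "credit 2", "credit 3", "credit 4",
  "md5 file1.c", "md5 file2.c", "md5 file3.c", "md5 file4.c", "md5 file5.c",
  NULL
};
struct seen { int credits; int hashes; };

/* Stand-in for send_reply(sptr, RPL_INFO, line): tally what the client gets. */
static void deliver(struct seen *s, const char *line)
{
  if (strncmp(line, "md5 ", 4) == 0) s->hashes++; else s->credits++;
}

/* Control flow of quoted lines 177-188; has_parv1 models (NULL != parv[1]). */
struct seen original_block(const char **text, int is_oper, int has_parv1)
{
  struct seen s = {0, 0};
  while (text[TAIL]) {
    if (!is_oper)
      deliver(&s, *text);
    text++;
  }
  if (is_oper && has_parv1)
    while (*text)
      deliver(&s, *text++);
  return s;
}

/* Oper branch of the proposed replacement; m_info() for non-opers is not modeled. */
struct seen replacement_block(const char **text, int is_oper)
{
  struct seen s = {0, 0};
  while (is_oper && *text)
    deliver(&s, *text++);
  return s;
}

int main(void)
{
  struct seen a = original_block(sample_text, 0, 0);
  struct seen b = original_block(sample_text, 1, 0);
  struct seen c = replacement_block(sample_text, 1);
  printf("original non-oper %d/%d, original oper %d/%d, replacement oper %d/%d\n",
         a.credits, a.hashes, b.credits, b.hashes, c.credits, c.hashes);
  return 0;
}
```

With the constructed array, the hash tail is two lines longer than TAIL, so the non-oper path delivers the four credit lines plus two hash lines, while an oper with a NULL parv[1] receives nothing from the original block.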