*sigh* debugging my own debugging..

In the correction, when mo_info() calls m_info, it should return what m_info
returns, a la:

    if(!IsOper(sptr))
        return m_info(cptr,sptr,parc,parv); /* the comments say one m_* function can call another, so why not actually try it : ) */

From: Coder-com [mailto:coder-com-boun...@undernet.org] On Behalf Of Aaron Kaufman
Sent: Tuesday, March 17, 2015 1:33 PM
To: coder-com@undernet.org
Subject: [Coder-com] bug in m_info.c

The code in mo_info() and ms_info() is fubar'ed and results in global opers
*NOT* seeing either the oh-so-grateful-to-our-ancestors infotext, or the
perhaps more critical md5 hashes of all of the .c and .h files coded.
Moreover, it violates HIS in a very tiny way by allowing lusers to see the
md5 hashes for the first two files (usually IPCheck.c and channel.c, but
I've seen (on production servers) channel.c and class.c).

This is not the level of bug that I thought needed to go on bugs(), despite
the *TINY* HIS violation.  Someone slap me if my judgment is way off here.
Bugs and corrections follow.

-AK

To see this, for example, look at the code in mo_oper() beginning line 177:

177:    while (text[212])
178:    {
179:      if (!IsOper(sptr))
180:        send_reply(sptr, RPL_INFO, *text);
181:      text++;
182:    }
183:    if (IsOper(sptr) && (NULL != parv[1]))
184:    {
185:      while (*text)
186:        send_reply(sptr, RPL_INFO, *text++);
187:      send_reply(sptr, RPL_INFO, "");
188:    }

There are actually a few errors in here.  Firstly, I presume that the
IsOper() check is necessary because for whatever reason we don't want locops
to see the hashes, but that's somewhat of an assumption.  Hell if I had my
way, everyone would be able to see that info, but HIS, I know.

Anyway, with that assumption in place, lines 180 and 181 need to be braced
together, otherwise what the server is doing when one of its own +o/+O
clients does "/info" is:

(A) [FIRST BUG] In the while loop at line 177:
    a. Is he a locop?  OK, then send the first 210 lines of the version
       info file and then the first two server file hashes [at some point the
       version file must have been 212 lines]
    b. Is he an oper?  Then don't even do that, but advance to 2 lines
       past the end of the version info file

(B) [SECOND BUG] After the while loop at line 183, the parv[1] will always
    be null because we're in mo_oper and we already determined that
    hunt_server_cmd() == HUNTED_ISME earlier in the function.
    a. So don't show him the rest of the info text either.

I fixed it in my copy by replacing the whole 177-188 block by the following:

    if(!IsOper(sptr))
        m_info(cptr,sptr,parc,parv); /* the comments say one m_* function can call another, so why not actually try it : ) */

    if (IsOper(sptr))
    {
      while (*text)
        send_reply(sptr, RPL_INFO, *text++);
      send_reply(sptr, RPL_INFO, "");
    }

..Correspondingly if we don't mind showing locops the hashes (and why should
we?), we could just replace the whole block by:

      while (*text)
        send_reply(sptr, RPL_INFO, *text++);
      send_reply(sptr, RPL_INFO, "");

Likewise, ms_info is fubar'ed.  The corresponding code in ms_server starts
at lines 144, and should just be replaced by the while loop I put above, as
ms_server is /info won't propagate but for opers.   (Yes, enclose it in an
if(IsOper(sptr)) if you need to hide the hashes from locops.  Personally I
think you don't.)

author: aa...@aaronskaufman.com

LAW OFFICE OF
Aaron S. Kaufman and Associates, LLC
368 Veterans Memorial Highway Suite 6,
Commack, NY 11725
(631)-366-2172 - fax: (631)-366-1728
 

_______________________________________________
Coder-com mailing list
Coder-com@undernet.org
http://undernet.sbg.org/mailman/listinfo/coder-com
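
An added example, not code from ircu or from either message above: a self-contained C model of the loop quoted at lines 177-188 and of the oper branch of the posted replacement, run over a constructed array. The array contents, the look-ahead of 2 standing in for 212, the reply() stub and the function names are all assumptions; the layout is chosen so that the non-oper case receives two hash lines, matching what the report describes.

```c
#include <stdio.h>
#include <string.h>
/* Constructed stand-in for NULL-terminated infotext[]: 3 info lines, 4 hash lines. */
static const char *sample_text[] = { "info 1", "info 2", "info 3",
    "hash A", "hash B", "hash C", "hash D", NULL };
#define LOOKAHEAD 2  /* scaled-down stand-in for the 212 in text[212] */
static int sent, hashes_sent;  /* tallies for the most recent call */

/* Stub for send_reply(sptr, RPL_INFO, line): tallies instead of sending. */
static void reply(const char *line)
{
    sent++;
    hashes_sent += (strncmp(line, "hash", 4) == 0);
}

/* Loop shape as posted (lines 177-188); parv1 models parv[1]. */
int info_as_posted(int is_oper, const char *parv1)
{
    const char **text = sample_text;
    sent = hashes_sent = 0;
    while (text[LOOKAHEAD]) {
        if (!is_oper)
            reply(*text);
        text++;  /* outside the if: opers advance without output */
    }
    if (is_oper && parv1 != NULL) {
        while (*text)
            reply(*text++);
        reply("");
    }
    return sent;
}

/* Oper branch of the posted replacement: whole array, then a blank line. */
int info_oper_replacement(void)
{
    const char **text = sample_text;
    sent = hashes_sent = 0;
    while (*text)
        reply(*text++);
    reply("");
    return sent;
}

int main(void)
{
    printf("as posted: non-oper %d, oper %d; replacement: oper %d\n",
           info_as_posted(0, NULL), info_as_posted(1, NULL), info_oper_replacement());
    return 0;
}
```

With parv1 NULL, the posted loop gives the oper zero lines while the non-oper gets every entry up to LOOKAHEAD slots before the terminator, so a fixed offset exposes tail entries whenever the tail is longer than the offset.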
