Subject: Re: BitchX /ignore bug
From: Firstname Lastname (typo SCENE.AT)
Date: Tue Jul 04 2000 - 20:56:09 CDT
- Next message: Daniel SALAGEAN: "Re: default passwords...partII"
- Previous message: Roelof Temmingh: "default passwords...partII"
- In reply to: Rick Jansen: "BitchX /ignore bug"
- Next in thread: Stephen J. Friedl: "Re: BitchX /ignore bug"
- Reply: Firstname Lastname: "Re: BitchX /ignore bug"
On Wed, Jul 05, 2000 at 02:24:41AM +0200, Rick Jansen wrote:
> Because of a simple /invite nickname #%s%s%s%s%s%s%s%s%s, BitchX will
> segfault and coredump. This is a small programming error,
no it's not.. it's a fatal, and exploitable bug. and the rest of bitchx's code
doesn't look much better.. let's examine the rest of parse.c,
just looking for completely similar issues with logmsg:
parse.c:1033: warning: TESO: Insufficient Format arguments: logmsg(4/5).
parse.c:1100: warning: TESO: Insufficient Format arguments: logmsg(4/5).
parse.c:1033: logmsg(LOG_INVITE, from, 0, invite_channel);
parse.c:1100: logmsg(LOG_KILL, from, 0, ArgList[1]?ArgList[1]:"(No Reason)");
(when fixing code, fix the whole.. if that's too much work,
trash the code and start again.)
and umh.. my bugtraq post from months ago was refused, and i never got a
reply from the authors (bitchx mailinglist, that is):
BitchX privileged port dcc protection is susceptible to overflowing the
port argument (meaning: it's ineffectual).
-- so much entropy, so little time
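
The pattern the warnings above point at, as an added example that is not part of the original post and is not BitchX code: a hypothetical printf-style logger, demo_logmsg (its name and signature are assumptions), called with a constant format so the remote channel name is only ever data, plus a helper that counts how many arguments a string would demand if it were used as the format.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style logger; NOT BitchX's logmsg().
 * The format attribute lets gcc/clang check the arguments against fmt
 * when building with -Wformat -Wformat-security. */
__attribute__((format(printf, 5, 6)))
static int demo_logmsg(char *out, size_t n, const char *from, int flags,
                       const char *fmt, ...)
{
    va_list ap;
    int used = snprintf(out, n, "[%s/%d] ", from, flags);
    if (used < 0 || (size_t)used >= n)
        return -1;
    va_start(ap, fmt);
    int rc = vsnprintf(out + used, n - (size_t)used, fmt, ap);
    va_end(ap);
    return rc < 0 ? -1 : used + rc;
}

/* Flagged pattern (left as a comment on purpose): remote text is the format,
 *     demo_logmsg(out, n, from, 0, invite_channel);
 * Corrected form: constant format, remote text passed only as an argument. */
static int log_invite(char *out, size_t n, const char *from,
                      const char *invite_channel)
{
    return demo_logmsg(out, n, from, 0, "%s", invite_channel);
}

/* Count the conversion specifications in s, i.e. the least number of
 * arguments it would demand as a format; "%%" is a literal percent sign. */
static int count_conversions(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        if (s[1] == '\0') break;
        count++;
    }
    return count;
}

int main(void)
{
    char line[128];
    const char *chan = "#%s%s%s%s%s%s%s%s%s"; /* constructed sample input */
    log_invite(line, sizeof line, "nick", chan);
    printf("%s (demands %d args as a format)\n", line, count_conversions(chan));
    return 0;
}
```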