[IRCServices] Bug in mode locked keys in 5.0.6

Craig Edwards brain at brainbox.winbot.co.uk
Tue Dec 31 10:15:06 PST 2002


We've just discovered a bug in IRCServices 5.0.6 where a channel can be joined which has a key mode locked, and not only does it allow the client to enter, it also shows them the key, if the room is empty. In the following test, the channel is registered with the mode lock "+ntk mykey", and is empty.
Guest2088478498 is not on any access lists for the channel.

*** services.chatspike.net changes topic to '(ChanServ)'
*** ChanServ sets mode: +ntrk-o mykey Guest2088478498

As you can see, the guest user now has the key for the channel, and could part, to come back when users are around and abuse it later.

A little discussion led us to think that a good fix for this would be to treat keyed channels in the same way as +O channels: unless the correct key is supplied in the JOIN raw, if +k is mode locked, kick out the user before the locked modes and topic are set by ChanServ/services.*

Thanks for your time,
Craig Edwards
ChatSpike admin
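
The ordering issue reported above, as an added example that is not part of the original post and is not IRCServices code: a small model in which a channel message reaches the joiner only while they are still in the channel, run once in the reported order and once in the proposed order. The types, function names and the channel name #test are hypothetical, and the model assumes services can see the key supplied with the JOIN, as the proposal requires.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model; these are not IRCServices' own types or functions. */
struct chan { const char *name, *mlock_on, *mlock_key; };
struct joiner { const char *nick; int in_channel; char seen[512]; };

/* A channel message reaches the joiner only while they are still a member. */
static void deliver(struct joiner *u, const char *cmd, const char *name,
                    const char *args)
{
    size_t n = strlen(u->seen);
    if (u->in_channel)
        snprintf(u->seen + n, sizeof u->seen - n, "%s %s %s\n", cmd, name, args);
}

/* Services applies the mode lock; with +k locked, the MODE line carries the key. */
static void set_mlock(const struct chan *c, struct joiner *u)
{
    char args[128];
    snprintf(args, sizeof args, "+%s-o %s %s", c->mlock_on,
             c->mlock_key ? c->mlock_key : "", u->nick);
    deliver(u, "MODE", c->name, args);
}

/* Join to an empty registered channel. check_key_first = 0: order reported in
 * the post; 1: proposed order (compare key, kick, then set locked modes). */
static int handle_join(const struct chan *c, struct joiner *u,
                       const char *key, int check_key_first)
{
    int bad = c->mlock_key && (!key || strcmp(key, c->mlock_key) != 0);
    u->in_channel = 1;
    if (check_key_first && bad) {
        deliver(u, "KICK", c->name, u->nick);
        u->in_channel = 0;
    }
    set_mlock(c, u);
    return check_key_first && bad;   /* 1 if the joiner was kicked */
}

int main(void)
{
    struct chan c = { "#test", "ntk", "mykey" };   /* constructed sample */
    struct joiner a = { "Guest2088478498", 0, "" }, b = a;
    handle_join(&c, &a, NULL, 0);
    handle_join(&c, &b, NULL, 1);
    printf("reported order:\n%sproposed order:\n%s", a.seen, b.seen);
    return 0;
}
```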