[IRCServices] Possible bug

Andrew Church achurch at achurch.org
Sat Feb 1 10:25:38 PST 2003


     I don't see how this could be "exploited" in the ordinary sense of the
word, but it can lead to desynchs.  Thanks for pointing the problem out.

  --Andrew Church
    achurch at achurch.org
    http://achurch.org/

>You may want to take a look at the
>split_buf() function in process.c, I believe
>that there is a bug in how the argv[]'s are
>filled that might be exploited easily on some
>boxes.
>
>Depending on what the isspace() function
>considers as space (usually 7-8 characters,
>including line feeds, tabs, and the like,
>and not just the actual space character),
>when you strpbrk() the buffer looking for
>an actual space, if the result is composed
>only of those other characters considered
>spaces by the isspace() function, the whole
>string will be skipped, and bad things can
>happen.
>
>This is easily exploitable with, say, a
>//mode #channel +k $chr(9)
>in mIRC.
>
>I hope I'm wrong about this... :)
>
>-- 
>Gastaman @ irc.azzurra.org || irc.dal.net
>
>Fan di Adachi - http://www.adachi.it
>Moderatore di IAFM - it.arti.fumetti.manga
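
Added example, not part of the original thread and not the IRCServices source: a hypothetical tokenizer (`split_args`, `count_args` and `MAX_ARGS` are assumed names) that ends tokens at a literal space but skips leading separators with isspace(), next to the same loop with a consistent separator set. On the constructed line below, the mismatched variant silently drops the tab-only key, the kind of argument-count disagreement the reply says can lead to desynchs.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_ARGS 8

/* Hypothetical tokenizer, not the IRCServices split_buf().
 * Tokens always end at a literal ' ' (strpbrk), but the leading-separator
 * skip is either isspace() (mismatched) or ' ' only (consistent). */
static int split_args(char *buf, char **argv, int skip_with_isspace)
{
    int argc = 0;

    while (*buf && argc < MAX_ARGS) {
        while (skip_with_isspace ? isspace((unsigned char)*buf) : *buf == ' ')
            buf++;
        if (!*buf)
            break;              /* nothing left: a tab-only argument vanishes here */
        argv[argc++] = buf;
        buf = strpbrk(buf, " ");
        if (!buf)
            break;
        *buf++ = '\0';
    }
    return argc;
}

/* Count arguments in a copy of line, so string literals are never modified. */
int count_args(const char *line, int skip_with_isspace)
{
    char copy[128];
    char *argv[MAX_ARGS];

    strncpy(copy, line, sizeof(copy) - 1);
    copy[sizeof(copy) - 1] = '\0';
    return split_args(copy, argv, skip_with_isspace);
}

int main(void)
{
    const char *line = "#channel +k \t";   /* constructed: the key is one tab */

    printf("isspace() skip: %d args\n", count_args(line, 1));
    printf("' ' only skip:  %d args\n", count_args(line, 0));
    return 0;
}
```

A handler that indexes the key argument without first checking the argument count would read past the filled entries in the mismatched case.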