Bugtraq mailing list archives

ircd exploit in ircu based code

From: toasty () DRAGONDATA COM (Kevin Day)
Date: Tue, 13 Jul 1999 20:49:02 -0500


Most irc networks using ircu based servers have a bug that can cause users
to segfault the server.

In m_join, the code doesn't check to see if get_channel returned failure (by
returning NULL).

While the line numbers will probably be off, this patch will work in most
ircu based servers.

--- ircd/channel.c      Tue Jul 13 19:58:46 1999
+++ ircd/channel.c      Tue Jul 13 20:05:31 1999
@@ -2004,6 +2004,12 @@

           chptr = get_channel (sptr, name, !CREATE);   /* need the TS -Kev */

+         if (!chptr) {
+               sendto_one (sptr, err_str (ERR_NOSUCHCHANNEL),
+                           me.name, parv[0], name);
+               return(0);
+         }
+       
           sendto_serv_butone (cptr, ":%s MODE %s +%s%s %lu", me.name, name,
                               sendmode ? "o " : "", sendmode ? parv[0] : "",
                               chptr->creationtime);    /* send the MODE to the

Kevin Day
DragonData
ToastyMan on irc.dragondata.com (on NewNet)

Current thread:

aix 4.2 4.3.1, adb GZ Apple (Jul 12)
- Re: aix 4.2 4.3.1, adb Mike Austin (Jul 13)
- Root Perms Gained with Patrol SNMP Agent 3.2 (all others?) Andrew Alness (Jul 13)
- Announcing First Annual ToorCon Ben (Jul 13)
- ircd exploit in ircu based code Kevin Day (Jul 13)
  - Re: ircd exploit in ircu based code Kev (Jul 15)
- About IGMP and another exploit for Windows95x/98x Hector Leon (Jul 13)
  - credit (was Re: About IGMP and another exploit for Windows95x/98x) Max Vision (Jul 14)
- Re: aix 4.2 4.3.1, adb Troy A. Bollinger (Jul 13)
- DoS attack on AT&T Wireless text-messaging service Peter Gamache (Jul 14)
- BO2K Aleph One (Jul 15)
- <Possible follow-ups>
- Re: aix 4.2 4.3.1, adb Peter.Fredriksson () Skriptor com (Jul 13)
- Re: aix 4.2 4.3.1, adb Troy A. Bollinger (Jul 15)