diff options
| author | Alexander Barton <alex@barton.de> | 2008-05-30 14:49:56 +0200 |
|---|---|---|
| committer | Alexander Barton <alex@barton.de> | 2008-05-30 14:58:25 +0200 |
| commit | 8644cbf197807909e4caea184278872cdeca1963 (patch) | |
| tree | 68f82dcf709b592babcc7aff8ac54d25b8cf62a4 /src/ipaddr | |
| parent | 4c121f277da634d62a382457eb1df354cfb77b9b (diff) | |
| download | ngircd-8644cbf197807909e4caea184278872cdeca1963.tar.gz ngircd-8644cbf197807909e4caea184278872cdeca1963.zip | |
Don't allow stray \r or \n in command parameters
If ngircd receives an input line like "COMMAND arg\nIRRELEVANT\r\n", "arg\nIRRELEVANT" is passed as an argument to COMMAND. This can lead to output like: :ngircd.test.server 322 nick #chan 1 : topicwithprecedingnewline :ngircd.test.server 322 nick #nxtchan 1 : [..] Worse, this allows clients to piggyback irc commands, e.g. "TOPIC #a :test\n:fake!~a@nonexistant JOIN :#a\r\n", which causes the client to receive a JOIN command during /LIST output. Bug reported by Scott Perry, first patch by Florian Westphal.
Diffstat (limited to 'src/ipaddr')
0 files changed, 0 insertions, 0 deletions