pegasus/unrealircd
1
0
Fork 0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-06-12 17:14:46 +02:00
Code Activity

Fix OOB write if a trusted linked server sends malicious data.

Browse Source 
NOTE: Linked servers are considered trusted in UnrealIRCd.

This is not exploitable beyond a crash, due to -fstack-protector-all,
a hardening compiler flag we added many years ago. Even without
that flag it would be rather difficult, and i didn't manage to,
but this should never happen anyway since this flag is only
missing in gcc/clang versions that are more than 15 years old.

This issue was introduced by the move to CMD_BIGLINES in
6c5de62c18 in 6.2.2 release.
This commit is contained in:
Bram Matthys
2026-03-06 07:00:27 +01:00
parent 87e4249a09
commit 7865675917
3 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
doc/RELEASE-NOTES.md
+1
View File
@@ -50,6 +50,7 @@ hardening and has quite a number of bug fixes.
### Fixes:
* Crash when using [Extended Server Bans](https://www.unrealircd.org/docs/Extended_server_bans)
with invalid syntax in the configuration file.
* Crash on malicious server-to-server traffic (OOB write), bug introduced in 6.2.2.
* Linking could cause splitting the wrong server when a duplicate link was detected.
* Don't show confusing `CENTRAL_BLOCKLIST_TIMEOUT` message when user is shunned by CBL.
* Various memory leaks were fixed. Mostly a couple of bytes on `REHASH` in