Bug #432

closed

authenticated bip users could stop bip daemon

Added by Pierre-Louis Bonicoli over 9 years ago. Updated over 2 years ago.

Status: Resolved
Priority: Normal
Target version:
Start date: 2015-01-15
Due date:
% Done: 100%
Estimated time:
Patch Available: Yes
Found in Versions:
Confirmed: Yes
Branch:
Security: Yes
Help Needed:

Description

Fran found that these commands allow an authenticated bip user to stop the bip daemon:

{ echo PASS bipnick:mysecretpassword:freenode; echo NICK Pilou; echo USER Pilou 0 Pilou :blah; sleep 2; } | telnet 127.0.0.1 7778 | read

15-01-2015 04:26:44 DEBUG: Trying to accept new client on 0
15-01-2015 04:26:44 DEBUG: New client on socket 41 !
15-01-2015 04:26:44 DEBUG: fd:41 Connection established !
15-01-2015 04:26:44 DEBUG: "PASS bipnick:mysecretpassword:freenode" 
15-01-2015 04:26:44 DEBUG: "NICK Pilou" 
15-01-2015 04:26:44 DEBUG: "USER Pilou 0 Pilou :blah" 
15-01-2015 04:26:44 DEBUG: Connection close asked. FD:41
15-01-2015 04:26:44 DEBUG: A client connected
15-01-2015 04:26:44 FATAL: select(): Bad file descriptor

Files

patch (3.8 KB) patch Pierre-Louis Bonicoli, 2015-01-16 07:19
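
The log above ends with a fatal select() error right after the client's descriptor is closed. As an added illustration (not bip's code and not the attached patch, whose contents this page does not show), the C example below assumes the cause is a closed descriptor left in the watched set and shows a loop that prunes such entries on EBADF instead of exiting; prune_closed_fds and poll_once are hypothetical names, and pipes stand in for client sockets.

```c
#include <errno.h>
#include <fcntl.h>
#include <sys/select.h>
#include <unistd.h>

/* Drop descriptors that are no longer open; returns how many were removed. */
static int prune_closed_fds(int *fds, int *count)
{
    int kept = 0, dropped = 0;
    for (int i = 0; i < *count; i++) {
        if (fcntl(fds[i], F_GETFD) == -1 && errno == EBADF)
            dropped++;                 /* stale entry: closed elsewhere */
        else
            fds[kept++] = fds[i];
    }
    *count = kept;
    return dropped;
}

/* One non-blocking select() pass over fds (all assumed < FD_SETSIZE).
 * On EBADF, stale entries are pruned and the call is retried once. */
static int poll_once(int *fds, int *count, int *pruned)
{
    *pruned = 0;
    for (int attempt = 0; attempt < 2; attempt++) {
        fd_set rfds;
        struct timeval tv = {0, 0};
        int maxfd = -1;
        FD_ZERO(&rfds);
        for (int i = 0; i < *count; i++) {
            FD_SET(fds[i], &rfds);
            if (fds[i] > maxfd) maxfd = fds[i];
        }
        int r = select(maxfd + 1, &rfds, NULL, NULL, &tv);
        if (r >= 0 || errno != EBADF)
            return r;                  /* success, or an unrelated error */
        *pruned += prune_closed_fds(fds, count);
    }
    return -1;
}

int main(void)
{
    int a[2], b[2], pruned, count = 2; /* constructed stand-ins for clients */
    if (pipe(a) || pipe(b)) return 1;
    int fds[2] = {a[0], b[0]};
    close(b[0]);                       /* closed, but still in the watch list */
    return poll_once(fds, &count, &pruned) < 0 || pruned != 1;
}
```

Pruning on EBADF is a safety net; the descriptor should also be removed from the watch list at the point where the connection is closed.
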
Actions #1

Updated by Pierre-Louis Bonicoli over 9 years ago

  • Subject changed from Fatal to authenticated bip users could stop bip daemon
  • Description updated (diff)
Actions #2

Updated by Pierre-Louis Bonicoli over 9 years ago

  • File patch patch added
  • Status changed from New to In Progress
  • Assignee set to Pierre-Louis Bonicoli

This bug is the plaintext counterpart of #261 (which was related to SSL connections).

The attached patch fixes the problem for plaintext connections. I need to test behavior with SSL connections.

Actions #3

Updated by Pierre-Louis Bonicoli over 8 years ago

  • Target version set to 0.9.0
  • % Done changed from 0 to 80
  • Patch Available set to Yes

There is no problem when client_side_ssl is enabled.

Tested with these commands:

$ socat -s TCP4-LISTEN:8000 OPENSSL:127.0.0.1:7778,verify=0 &
$ { echo PASS bipnick:mysecretpassword:freenode; echo NICK Pilou; echo USER Pilou 0 Pilou :blah; sleep 2; } | telnet 127.0.0.1 8000 | read

Actions #4

Updated by Pierre-Louis Bonicoli over 2 years ago

  • Status changed from In Progress to Resolved
  • % Done changed from 80 to 100

This redmine issue should have been closed years ago.
