Bug #432
closed
authenticated bip users could stop bip daemon
Start date: 2015-01-15
Due date:
% Done: 100%
Estimated time:
Patch Available: Yes
Found in Versions:
Confirmed: Yes
Branch:
Security: Yes
Help Needed:
Description
Fran found that these commands allow an authenticated bip user to stop bip daemon:
{ echo PASS bipnick:mysecretpassword:freenode; echo NICK Pilou; echo USER Pilou 0 Pilou :blah; sleep 2; } | telnet 127.0.0.1 7778 | read
15-01-2015 04:26:44 DEBUG: Trying to accept new client on 0
15-01-2015 04:26:44 DEBUG: New client on socket 41 !
15-01-2015 04:26:44 DEBUG: fd:41 Connection established !
15-01-2015 04:26:44 DEBUG: "PASS bipnick:mysecretpassword:freenode"
15-01-2015 04:26:44 DEBUG: "NICK Pilou"
15-01-2015 04:26:44 DEBUG: "USER Pilou 0 Pilou :blah"
15-01-2015 04:26:44 DEBUG: Connection close asked. FD:41
15-01-2015 04:26:44 DEBUG: A client connected
15-01-2015 04:26:44 FATAL: select(): Bad file descriptor
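The log above ends in `FATAL: select(): Bad file descriptor` right after a connection close. The following C example is added here as a general illustration of that failure mode and is not bip's code or the attached patch: it shows select() failing with EBADF when a closed descriptor is still tracked, and a recovery path that prunes stale descriptors instead of exiting. The names `poll_once`, `prune_closed` and `demo` are hypothetical, and the pipes stand in for client sockets.

```c
/* Added illustration; not bip source code and not the attached patch. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/select.h>
#include <unistd.h>
/* One select() pass over the tracked descriptors: 0 on success, else errno. */
static int poll_once(const int *fds, int n)
{
    fd_set rd;
    struct timeval tv = {0, 0};
    int maxfd = -1;
    FD_ZERO(&rd);
    for (int i = 0; i < n; i++) {
        FD_SET(fds[i], &rd);
        if (fds[i] > maxfd) maxfd = fds[i];
    }
    return select(maxfd + 1, &rd, NULL, NULL, &tv) < 0 ? errno : 0;
}

/* Drop descriptors the kernel reports as closed; returns how many remain. */
static int prune_closed(int *fds, int n)
{
    int kept = 0;
    for (int i = 0; i < n; i++)
        if (fcntl(fds[i], F_GETFD) != -1 || errno != EBADF)
            fds[kept++] = fds[i];
    return kept;
}

/* Constructed scenario: fds[1] is closed but still tracked. Returns post-prune errno. */
static int demo(int *naive_err, int *survivors)
{
    int a[2], b[2];
    if (pipe(a) || pipe(b)) return -1;
    int fds[2] = {a[0], b[0]};
    close(b[0]);                            /* stale entry left in the list */
    *naive_err = poll_once(fds, 2);         /* EBADF: exiting here stops the daemon */
    *survivors = prune_closed(fds, 2);      /* hardened path: forget the dead fd */
    int after = poll_once(fds, *survivors);
    close(a[0]); close(a[1]); close(b[1]);
    return after;
}

int main(void)
{
    int naive = 0, left = 0, after = demo(&naive, &left);
    printf("naive errno=%d, kept=%d, after prune errno=%d\n", naive, left, after);
    return after;
}
```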
Updated by Pierre-Louis Bonicoli almost 10 years ago
- Subject changed from Fatal to authenticated bip users could stop bip daemon
- Description updated (diff)
Updated by Pierre-Louis Bonicoli almost 10 years ago
This bug is the plaintext counterpart of #261 (which was related to SSL connections).
The attached patch fixes the problem for plaintext connections. I need to test behavior with SSL connections.
Updated by Pierre-Louis Bonicoli about 9 years ago
- Target version set to 0.9.0
- % Done changed from 0 to 80
- Patch Available set to Yes
There is no problem when client_side_ssl is enabled.
Tested with these commands:
$ socat -s TCP4-LISTEN:8000 OPENSSL:127.0.0.1:7778,verify=0 &
$ { echo PASS bipnick:mysecretpassword:freenode; echo NICK Pilou; echo USER Pilou 0 Pilou :blah; sleep 2; } | telnet 127.0.0.1 8000 | read
Updated by Pierre-Louis Bonicoli about 3 years ago
- Status changed from In Progress to Resolved
- % Done changed from 80 to 100
This redmine issue should have been closed years ago.