ctcp parse issues

Ethan Blanton elb at pidgin.im
Sun Jan 24 11:09:34 EST 2010


karlthepagan spake unto us the following wisdom:
> this is the message of significance:
> goqzxsrmglis: Received CTCP 'VERSION Reds and Blues: Bad news. Join the
> Peoples Primary Party TODAY!
> http://peoplesprimary.com' (to
> #noisebridge) from goqzxsrmglis
> 
> I get this message and my pidgin attempts to join the channel "goqzxrmglis"
> 
> this is a SPAM CTCP and the text following "VERSION" should be stripped and
> not processed by the client
> 
> my client should not attempt to join the username as channel simply because
> the message contains the text "join"

You are correct, and it is not parsed.  Only the first eight bytes of
a VERSION message (\001VERSION) are parsed.  There must either be a
bug in libpurple IRC processing (I just looked at the likely
candidates, and I don't see anything, but it could be subtle), or
there must have been another message which triggered the join.  A bug
in parsing which triggers a channel join could very well be a
dangerous bug.

Either way, a packet trace of this happening would be infinitely
useful; I assume you don't have one?  Has this been repeated, or was
it a one-time error?

> repeated CTCP requests from the same user could have some kind of filtering
> applied to them

We have had requests for this, and it seems reasonable; we just
haven't gotten to implementing it.

Ethan

-- 
The laws that forbid the carrying of arms are laws [that have no remedy
for evils].  They disarm only those who are neither inclined nor
determined to commit crimes.
		-- Cesare Beccaria, "On Crimes and Punishments", 1764
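
The two behaviours discussed in this message (matching only the leading `\001VERSION` bytes so the trailing text is never interpreted, and filtering repeated CTCP requests from one sender), as an added example that is not libpurple's code and not part of the original e-mail. The function names, the 10-second interval and the table size are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

enum ctcp_action { CTCP_NOT_CTCP, CTCP_REPLY_VERSION, CTCP_IGNORED, CTCP_THROTTLED };

/* Assumed policy: answer at most one CTCP per sender every 10 seconds. */
#define CTCP_MIN_INTERVAL 10
#define CTCP_SLOTS 64
static struct { char nick[32]; time_t last; } seen[CTCP_SLOTS];

/* Returns 1 if this sender may be answered now, 0 if it is throttled.
 * A hash collision simply evicts the older entry. */
static int ctcp_allow(const char *nick, time_t now)
{
    unsigned h = 0;
    for (const char *p = nick; *p; p++)
        h = h * 31 + (unsigned char)*p;
    h %= CTCP_SLOTS;
    if (strncmp(seen[h].nick, nick, sizeof seen[h].nick - 1) == 0 &&
        now - seen[h].last < CTCP_MIN_INTERVAL)
        return 0;
    snprintf(seen[h].nick, sizeof seen[h].nick, "%s", nick);
    seen[h].last = now;
    return 1;
}

/* Classify the trailing parameter of a PRIVMSG. Only the first eight bytes
 * (\001VERSION) are compared; the text after them is never interpreted. */
enum ctcp_action ctcp_classify(const char *nick, const char *msg, time_t now)
{
    if (msg[0] != '\001')
        return CTCP_NOT_CTCP;      /* ordinary chat text */
    if (strncmp(msg, "\001VERSION", 8) != 0)
        return CTCP_IGNORED;       /* other CTCP command: take no action here */
    return ctcp_allow(nick, now) ? CTCP_REPLY_VERSION : CTCP_THROTTLED;
}

int main(void)
{
    /* Constructed sample modelled on the message quoted in this thread. */
    const char *spam = "\001VERSION Reds and Blues: Bad news. Join the Peoples Primary Party TODAY!\001";
    printf("%d\n", ctcp_classify("goqzxsrmglis", spam, 1000));
    printf("%d\n", ctcp_classify("goqzxsrmglis", spam, 1003));
    return 0;
}
```

No return value of `ctcp_classify` maps to a channel join, so the word "Join" in the argument text cannot trigger one through this path.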