[Pidgin] #15082: IRC PRPL does not filter \r on its own.
Pidgin
trac at pidgin.im
Wed Apr 25 13:00:40 EDT 2012
#15082: IRC PRPL does not filter \r on its own.
------------------------------------+---------------------------------------
Reporter: Josh @ Dreamland | Owner: elb
Type: defect | Status: new
Component: IRC | Version: 2.10.0
Keywords: returncarriage newline |
------------------------------------+---------------------------------------
The IRC PRPL filters messages sent through purple_conv_chat_send to escape
\n and \r\n. These are sent as multiple messages. If a message passed to
purple_conv_chat_send contains an \r unpaired with an \n, however, it is
not removed or treated as a message break, and the \r is sent raw, leaving
the server to interpret the next line as a new command.
For plugins which have the ability to echo input from other users, this is
a vulnerability, as it enables third parties to run commands as the
plugin's host.
For example, calling purple_conv_chat_send(irc_conv, "Goodbye!\rquit");
will say "Goodbye!", then terminate the connection.
--
Ticket URL: <http://developer.pidgin.im/ticket/15082>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list