[Pidgin] #15082: IRC PRPL does not filter \r on its own.

Pidgin trac at pidgin.im
Wed Apr 25 13:00:40 EDT 2012

#15082: IRC PRPL does not filter \r on its own.
 Reporter:  Josh @ Dreamland        |     Owner:  elb   
     Type:  defect                  |    Status:  new   
Component:  IRC                     |   Version:  2.10.0
 Keywords:  returncarriage newline  |  
 The IRC PRPL filters messages sent through purple_conv_chat_send to escape
 \n and \r\n. These are sent as multiple messages. If a message passed to
 purple_conv_chat_send contains an \r unpaired with an \n, however, it is
 not removed or treated as a message break, and the \r is sent raw, leaving
 the server to interpret the next line as a new command.

 For plugins which have the ability to echo input from other users, this is
 a vulnerability, as it enables third parties to run commands as the
 plugin's host.

 For example, calling purple_conv_chat_send(irc_conv, "Goodbye!\rquit");
 will say "Goodbye!", then terminate the connection.

Ticket URL: <http://developer.pidgin.im/ticket/15082>
Pidgin <http://pidgin.im>

More information about the Tracker mailing list