[Pidgin] #12562: Pidgin IRC does not handle SSL blocks of > IRC_INITIAL_BUFSIZE correctly
Pidgin
trac at pidgin.im
Thu Aug 31 13:41:46 EDT 2017
-------------------------------------------------+------------------
Reporter: Stmeter | Owner: elb
Type: defect | Status: new
Milestone: | Component: IRC
Version: 2.7.3 | Resolution:
Keywords: SSL inspircd packets gnutls openssl |
-------------------------------------------------+------------------
Comment (by slingamn):
While we're in the neighborhood: here's a patch that fixes the bug, and
also fixes a DoS attack. Right now, the server can send an arbitrarily
long stream of unparseable bytes (any byte that's not `0`, `\r`, or `\n`),
and the parser will keep resizing its buffer upwards and trying to parse
the data into a valid IRC message. IRC messages can't be longer than 1024
bytes, so we can just use a constant-sized buffer.
Gist with a DoS PoC and the patch:
https://gist.github.com/slingamn/28b6e5658c48ead403d903fb3d29dce3
--
Ticket URL: <https://developer.pidgin.im/ticket/12562#comment:4>
Pidgin <https://pidgin.im>
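
The constant-sized buffer approach described in the comment above, as an added example; it is not the patch from the gist and not Pidgin's code. The names `linebuf`, `linebuf_feed` and `MAX_LINE` are hypothetical, and silently dropping an over-long line (rather than disconnecting) is an assumed policy.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_LINE 1024   /* the 1024-byte figure from the comment above */

struct linebuf {
    char   buf[MAX_LINE];   /* partial line; never reallocated */
    size_t len;             /* bytes held for the current line */
    int    discarding;      /* current line already exceeded the cap */
    size_t accepted, dropped;
    char   last[MAX_LINE];  /* most recent complete line, NUL-terminated */
};

/* Feed one read of any size (for example a large SSL record). */
void linebuf_feed(struct linebuf *lb, const char *data, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        char c = data[i];
        if (c == '\r' || c == '\n' || c == '\0') {  /* line delimiters */
            if (lb->discarding) {
                lb->dropped++;                      /* over-long line ends here */
            } else if (lb->len > 0) {
                memcpy(lb->last, lb->buf, lb->len);
                lb->last[lb->len] = '\0';
                lb->accepted++;                     /* hand to the IRC parser */
            }
            lb->len = 0;
            lb->discarding = 0;
        } else if (!lb->discarding && lb->len < MAX_LINE - 1) {
            lb->buf[lb->len++] = c;
        } else {                                    /* cap hit: stop storing */
            lb->discarding = 1;
            lb->len = 0;
        }
    }
}

int main(void)
{
    static struct linebuf lb;                       /* zero-initialised */
    char junk[4096];                                /* constructed input */
    const char *tail = "\r\nPING :example\r\n";     /* constructed input */
    memset(junk, 'A', sizeof junk);
    for (int i = 0; i < 256; i++)                   /* 1 MiB, no delimiter */
        linebuf_feed(&lb, junk, sizeof junk);
    linebuf_feed(&lb, tail, strlen(tail));
    printf("accepted=%zu dropped=%zu last=%s\n", lb.accepted, lb.dropped, lb.last);
    return 0;
}
```

Memory use stays fixed however much delimiter-free data arrives, and the parser resynchronises on the next delimiter.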