** Changed in: dcplusplus
Status: Confirmed => In Progress
--
You received this bug notification because you are a member of
Dcplusplus-team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1030613
Title:
Normal users can issue CMDs
Status in ADCH++:
Fix Released
Status in DC++:
In Progress
Bug description:
Any client may send a CMD (only B-type tested) to the hub,
distributing it to any user. If done in a bot, you can effectively
send tens or hundreds of these, and a receiving client will be forced
to manage them, thus potentially causing a DoS scenario.
Generate the following user command in DC++ to test yourself;
Command type: Raw
Context: Hub menu
Name: RogueCommand
Command: BCMD %[mySID] Security\stest,\sbe\safraid TTHINF\sNIfoobar\n CT2
Hub address: adc://
(Above command should obviously be followed by a new line.)
The hub should ignore any CMD originating from a user. Potentially
allow CMDs from trusted users.
To manage notifications about this bug go to:
https://bugs.launchpad.net/adchpp/+bug/1030613/+subscriptions
_______________________________________________
Mailing list: https://launchpad.net/~linuxdcpp-team
Post to : linuxdcpp-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~linuxdcpp-team
More help : https://help.launchpad.net/ListHelp
