You can upload files to znc via /dcc send *status. The files will be saved in
<datadir>/users/<user>/downloads/. The code for this didn't do any checking on
the file name at all and thus allowed directory traversal attacks by all znc
users (no admin privileges required!).
By exploiting this bug, attackers could e.g. upload a new ssh authorized_keys
file or upload a znc module which lets everyone gain shell access. Anything is
possible.
Again:
ONLY A NORMAL USER ACCOUNT NEEDED, no admin privileges.
THE ATTACKER GOT WRITE ACCESS TO ALL PLACES ZNC GOT WRITE ACCESS TO.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1570 726aef4b-f618-498e-8847-2d620e286838
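
Added example (not part of the commit above and not ZNC's code): the unchecked join that message describes, next to one way of validating a client-supplied DCC file name before it is written under the downloads directory. All function names are hypothetical, and the check is lexical only.

```cpp
#include <string>
#include <vector>

// Added example, not ZNC's code; all function names here are hypothetical.

// The unchecked join the commit message describes: the sender's name is used as-is.
std::string NaiveUploadPath(const std::string& sDir, const std::string& sName) {
    return sDir + "/" + sName;
}

// Lexically resolves "." and ".." in an absolute path (symlinks are not followed).
std::string Normalize(const std::string& sPath) {
    std::vector<std::string> vParts;
    std::string sCur;
    for (std::string::size_type i = 0; i <= sPath.size(); i++) {
        if (i < sPath.size() && sPath[i] != '/') { sCur += sPath[i]; continue; }
        if (sCur == "..") { if (!vParts.empty()) vParts.pop_back(); }
        else if (!sCur.empty() && sCur != ".") vParts.push_back(sCur);
        sCur.clear();
    }
    std::string sOut;
    for (const std::string& s : vParts) sOut += "/" + s;
    return sOut.empty() ? "/" : sOut;
}

// True if sPath, once normalized, lies strictly below sDir.
bool IsInside(const std::string& sDir, const std::string& sPath) {
    const std::string sBase = Normalize(sDir) + "/";
    return Normalize(sPath).compare(0, sBase.size(), sBase) == 0;
}

// Hardened form: accept a single path component only, then verify containment.
bool SafeUploadPath(const std::string& sDir, const std::string& sName, std::string& sOut) {
    if (sName.empty() || sName == "." || sName == "..") return false;
    // Reject '/', '\' and NUL anywhere in the name instead of trying to repair it.
    if (sName.find_first_of(std::string("/\\\0", 3)) != std::string::npos) return false;
    const std::string sPath = NaiveUploadPath(sDir, sName);
    if (!IsInside(sDir, sPath)) return false;  // defence in depth
    sOut = sPath;
    return true;
}
```
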
ZNC replies to /mode #chan with the cached channel modes without querying the
IRCd. This was added to avoid traffic spikes to the ircd when a client
logged in.
The logic in this code had a bug that made it also reply with stale cached
values if we once were but aren't anymore in that channel (e.g. after
you've been kicked).
Thanks to tomaw for reporting this.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1507 726aef4b-f618-498e-8847-2d620e286838
Now e.g. the message "Invalid Password" on login even reaches the other end
before the connection shoots itself in the foot.
There is one place in Client.cpp which I didn't change: ReachedMaxBuffer()
If a client is flooding us, why should we wait until we are done answering
that flood?...
Thanks to morelia for making me notice this.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1506 726aef4b-f618-498e-8847-2d620e286838
Before this, you only got a message from *status when someone tried to login
with a bad password and no auth module (imapauth/saslauth) was loaded.
With this patch every failed login will generate a message.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1415 726aef4b-f618-498e-8847-2d620e286838
This breaks CAuthBase's API for modules that want to auth users.
Instead of overloading AcceptLogin() and RefuseLogin(), they now have to
overload AcceptedLogin() and RefusedLogin().
Modules that auth users (e.g. imapauth) still call AcceptLogin() and
RefuseLogin() which is where OnFailedLogin() gets called.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1389 726aef4b-f618-498e-8847-2d620e286838
OnUserAttached is renamed to OnClientLogin and
OnUserDetached to OnClientDisconnect.
This adds some new functions with different arguments for the old names to cause
warnings from -Woverloaded-virtual while compiling.
This patch also adds OnClientConnect() which is called when the low-level
raw connection is established. (No SSL-handshake was done at this point yet!)
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1266 726aef4b-f618-498e-8847-2d620e286838
CSocket caches the data read from a socket and then looks for lines in there.
If there is no line end, this buffer can grow quite large. This patch now
closes sockets if they get a huge read buffer.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1233 726aef4b-f618-498e-8847-2d620e286838
This suppresses "Your message to [yournick] got lost,..." messages when lagbars try to send notices to their own nick but ZNC is disconnected from IRC.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1211 726aef4b-f618-498e-8847-2d620e286838
OnModCTCP(), OnModCommand() and OnModNotice() are now called through a
preprocessor macro that does all the magic. This fixes a couple of bugs:
- the m_pUser member of global modules for OnModNotice() was wrong
- OnModCTCP() wasn't called for global modules
- Finally handle 'throw UNLOAD' for all of these three module calls
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1162 726aef4b-f618-498e-8847-2d620e286838
This also removes all the code catching those exceptions. There was nothing
which justified these exceptions and removing them doesn't hurt.
ByeBye CException::EX_BadModVersion
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1137 726aef4b-f618-498e-8847-2d620e286838
The recent removal of CUser::m_bIRCConnected led to a bug here which is now
fixed.
In addition to this, this function now also works properly for users without
a vhost.
Oh and in User.cpp: Make sure CUser::GetIRCServer() returns an empty string
when we are no longer connected to an IRCd.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1134 726aef4b-f618-498e-8847-2d620e286838
Those functions were not modified. Only change is the name.
Those *Dir() functions really made no sense in CUtils when there is FileUtils
stuff. They really fit much better into here. I'll bet they'll make new friends
fast. I mean, why shouldn't they?
Uhm... sorry ;)
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1044 726aef4b-f618-498e-8847-2d620e286838