Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

possible security issue: event.reply does not split message by newline #244

Closed
proton-ab opened this issue Feb 26, 2020 · 1 comment
Closed

possible security issue: event.reply does not split message by newline #244

proton-ab opened this issue Feb 26, 2020 · 1 comment

Comments

@proton-ab
Copy link

Calling event.reply with a message like Hello World\nQUIT will cause irc-framework to pass the input straight to sockets, which in turn will split its input by newlines, resulting in IRC server receiving two lines from client: PRIVMSG #dev :Hello World and QUIT.

The underlying function responsible for handling reply to events will properly split messages and append appropriate prefix (PRIVMSG #dev in previous example) for lines that are above threshold length, however it does not do such thing for messages that explicitly contain \n in them.

This might lead to possible remote command execution in implementations utilizing event.reply to send untrusted data. Simplest example would be a bot fetching link title for web pages.
@prawnsalad
Copy link
Member

Thanks for the report, now fixed in 24be97d

@e-lisa e-lisa mentioned this issue Jun 7, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@prawnsalad @proton-ab