Make sure that clients can't access buffers belonging to other users
A manipulated, but properly authenticated client was able to retrieve
the backlog of other users on the same core in some cases by providing
an appropriate BufferID to the storage engine. Note that proper
authentication was still required, so exploiting this requires
malicious users on your core. This commit fixes this issue by ensuring
that foreign BufferIDs are off-limits.
MrEgs authored and Sput42 committed Nov 24, 2013
1 parent ba6a9ce commit a1a24da
Showing 3 changed files with 4 additions and 3 deletions.
2 changes: 1 addition & 1 deletion src/core/SQL/PostgreSQL/16/select_buffer_by_id.sql
@@ -1,3 +1,3 @@
SELECT bufferid, networkid, buffertype, groupid, buffername
FROM buffer
WHERE bufferid = :bufferid
WHERE userid = :userid AND bufferid = :bufferid
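
Review bot: the rewritten WHERE clause introduces a second bind parameter, :userid, but all three files in this commit are .sql queries, so the code that prepares select_buffer_by_id is not visible here. Please confirm the caller binds :userid for this query, and that the value comes from the authenticated session on the core rather than from anything the client sends, since a client-supplied BufferID is exactly what the commit message says was abused.
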
3 changes: 2 additions & 1 deletion src/core/SQL/PostgreSQL/16/update_network.sql
Expand Up @@ -17,4 +17,5 @@ rejoinchannels = :rejoinchannels,
usesasl = :usesasl,
saslaccount = :saslaccount,
saslpassword = :saslpassword
WHERE networkid = :networkid
WHERE userid = :userid AND networkid = :networkid
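
Review bot: the userid guard on the closing WHERE of update_network.sql lands only in the PostgreSQL query; the three changed files include no SQLite counterpart for update_network. If the SQLite query also filters on networkid alone, it needs the same `WHERE userid = :userid AND networkid = :networkid` condition. The commit message covers only buffers, so a line noting that network updates are now scoped per user would help. With the extra predicate a foreign networkid makes the UPDATE match zero rows, so the caller should treat zero affected rows as a failure rather than a silent success.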

2 changes: 1 addition & 1 deletion src/core/SQL/SQLite/17/select_buffer_by_id.sql
@@ -1,3 +1,3 @@
SELECT bufferid, networkid, buffertype, groupid, buffername
FROM buffer
WHERE bufferid = :bufferid
WHERE bufferid = :bufferid AND userid = :userid
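
Review bot: the commit message describes backlog retrieval by BufferID, yet the only buffer query touched is this lookup, so the fix holds only if every path that reads backlog resolves the BufferID through select_buffer_by_id first. A short comment or message line stating that assumption would make it checkable; any query that reads backlog by BufferID directly would still need its own userid condition. Minor style point: the predicates here are ordered `bufferid = :bufferid AND userid = :userid`, the reverse of the PostgreSQL version; using one order in both files makes the two queries easier to compare.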
