Package: rageircd
Version: 2.0.1-4
Severity: grave
Tags: patch, security
If rageircd is configured to require a password to connect to the
server, it will still allow users to connect if they don't provide a
password at all and only bounce them if they provide an incorrect one.
I've attached the patch I'm using which fixes it for me.
--
James
--- rageircd-2.0.1.orig/src/s_conf2.c
+++ rageircd-2.0.1/src/s_conf2.c
@@ -1825,8 +1825,8 @@
if ((allow->class->clients + 1) > allow->class->max_clients) {
return CLIENTAUTH_CLASSFULL;
}
- if ((allow->auth != NULL) && !BadPtr(cptr->localClient->passwd)) {
- if (!check_auth(allow->auth, cptr->localClient->passwd)) {
+ if ((allow->auth != NULL)) {
+ if (BadPtr(cptr->localClient->passwd) ||
!check_auth(allow->auth, cptr->localClient->passwd)) {
return CLIENTAUTH_INVALIDPW;
}
memset(cptr->localClient->passwd, '\0', PASSWDLEN + 1);
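Review bot: The continuation line `!check_auth(allow->auth, cptr->localClient->passwd)) {` has no `+` marker, so the hunk as posted no longer matches the 8/8 line counts in `@@ -1825,8 +1825,8 @@` and will not apply cleanly. It looks like the added `if (BadPtr(...) ||` line was wrapped in transit. Rejoin it with the preceding `+` line, or resend the patch as an attachment. The ordering of the new condition is right: testing `BadPtr(cptr->localClient->passwd)` first returns CLIENTAUTH_INVALIDPW for a client that sent no password, and short-circuits before `check_auth()` is called on it. One style point on the outer test: `if ((allow->auth != NULL)) {` keeps a doubled pair of parentheses left over from dropping the `&&` clause, and `if (allow->auth != NULL) {` would read more cleanly.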