IRC Logs for #circuits Friday, 2015-09-04

[01:41] *** Osso has quit IRC
[01:41] *** Osso has joined #circuits
[01:41] <kdb> Hi osso
[02:40] *** Osso has quit IRC
[03:23] *** Coldblackice has quit IRC
[03:29] *** Coldblackice has joined #circuits
[05:21] *** Coldblackice has quit IRC
[05:29] *** Coldblackice has joined #circuits
[07:01] <spaceone> prologic: hmm, you weren't right. the null byte thing is a bug in charla
[07:01] <spaceone> https://tools.ietf.org/html/rfc2812
[07:01] <spaceone>   2) The NUL (%x00) character is not special in message framing, and
[07:01] <spaceone>      basically could end up inside a parameter, but it would cause
[07:01] <spaceone>      extra complexities in normal C string handling. Therefore, NUL
[07:01] <spaceone>      is not allowed within messages.
[07:14] <prologic> Yeah that's RFC2812
[07:14] <prologic> and specifically talks about C string handling
[07:14] <prologic> charla is *not* written in C
[07:15] <prologic> and real-world implementations handle null (at least some ircds do)
[07:15] <prologic> you can't always go by what the RFC states :)
[07:15] <prologic> real-world is never quite the RFC!
[07:19] <spaceone> wtf?
[07:19] <spaceone> but is a serious issue
[07:20] <spaceone> the RFC states that \x00 causes errors in C implementations and therefore MUST not be used. if you redirect the forbidden null byte to a client which is written in C it may cause problems
[07:20] <spaceone> instead of validating the user input and tell the user that his client is broken
[07:20] <prologic> well the thing is
[07:20] <prologic> where do we disallow this?
[07:20] <spaceone> that not-validating is the reason why security holes exist
[07:20] <prologic> the problem is that internally the data will get buffered up
[07:21] <spaceone> we don't but we have to
[07:21] <prologic> until we see a \r\n
[07:21] <prologic> so I can't just discard \x00 upfront
[07:21] <spaceone> i don't understand this, can you explain a little further?
[07:23] <prologic> okay
[07:23] <prologic> so IRC is basically a line protocol
[07:23] <prologic> where the delimiter is \r\n
[07:23] <spaceone> yes
[07:23] <prologic> because of that no "IRC" event is emitted until the buffer contains at least one \r\n
[07:23] <prologic> in the meantime you could have sent \x00 too
[07:24] <prologic> so then what? :)
[07:24] <spaceone> well, you receive line events
[07:24] <prologic> correct
[07:24] <spaceone> def _on_line(self, line):
[07:24] <prologic> the start of the line will have \x00
[07:24] <spaceone> if '\x00' in line:
[07:24] <prologic> then we try to create a message out of that
[07:24] <spaceone>    return self.fire(irc_error('bad client'))
[07:25] <prologic> perhaps the validation can happen in parse_msg?
[07:25] <prologic> in circuits.protocols.irc.utils
[07:25] <spaceone> yes
[07:25] <prologic> I'll write a test case
[07:25] <prologic> but at that point we can't return a reply
[07:25] <spaceone> an exception InvalidMessage()
[07:25] <prologic> the IRC protocol is quite dumb here
[07:25] <prologic> it's an implementation that *should* handle it
[07:25] <prologic> yeah we *could* raise an exception
[07:25] <spaceone> okay, then you could:
[07:25] <prologic> I'll play around with it
[07:26] <spaceone> line.replace('\x00', '')
[07:26] <prologic> hmm
[07:26] <prologic> that kinda feels a bit ugly :)
[07:26] <spaceone> if you want a tolerant thing
[07:26] <spaceone> yes
[07:26] <prologic> I think raising an exception is better in this case
[07:26] <prologic> as the message is basically invalid
[07:26] <spaceone> imho, too
[07:26] <prologic> which'll then get caught (or not)
[07:26] <prologic> don't really care if it doesn't get caught by charla
[07:27] <prologic> but I'll play around with it tonight
[07:27] <prologic> if you have an idea for a "good" patch feel free
[07:27] <prologic> there's a bunch of unit tests for the protocol handler too
[07:27] <prologic> tests/protocols/test_irc.py
[07:28] <spaceone> is there an ERROR command in irc?
[07:29] <prologic> I wanna finish handling multiple modes too if I can tonight and am not too tired
[07:29] <prologic> and then release charla 0.1
[07:29] <prologic> an ERROR hmmm
[07:29] <prologic> not officially no
[07:29] <prologic> but many ircds do send an ERROR: ... to clients
[07:29] <prologic> usually on closing the socket though
[07:29] <prologic> it *could* be used in this case
[07:30] <prologic> but it'd still have to be handled in charla
[07:30] <prologic> not at the IRC protocol level
[07:30] <spaceone> yes
[07:31] <spaceone> what is 'multiple-modes' ? that a user can have multiple modes?
[07:31] <spaceone> and conflict-handling of modes
[07:31] <prologic> no
[07:31] <prologic> MODE #foo +ov foo bar
[07:31] <prologic> for example
[07:31] <prologic> I have a test_parse_mdoes.py in the root tree
[07:32] <prologic> I wrote a new parser for mode handling a few nights ago
[07:32] <spaceone> s/mdoes/modes/
[07:32] <prologic> but haven't integrated it yet into the mode plugin
[07:32] <prologic> yes modes :)
[07:32] <prologic> after multi modes is done
[07:32] <prologic> and bans
[07:32] <prologic> we'll release 0.1
[07:32] <spaceone> i still don't really understand
[07:32] <spaceone> is it about parsing '+ov' ?
[07:38] <prologic> yes
[07:38] <prologic> but more importantly
[07:38] <prologic> handling arguments to modes too
[07:38] <prologic> don't worry :)
[07:38] <prologic> have a look at test_parse_modes.py
[07:38] <prologic> I've pretty much implemented it
[07:39] <spaceone> what arguments could they have?
[07:39] <spaceone> and to which mode are they applying?
[07:39] <spaceone> the arguments are just usernames?
[07:40] <spaceone> or are there any other things?
[07:53] <prologic> yeah
[07:53] <prologic> o and v take a username
[07:53] <prologic> b takes a mask
[07:54] <prologic> and l takes an int
[07:54] <prologic> so yeah
[08:03] <spaceone> so it isn't possible to combine the mode +obl ?!
[08:05] <prologic> yes
[08:05] <prologic> but the no. of arguments must match
[08:05] <prologic> +obl <user> <mask> <limit>
[08:07] <spaceone> but what if you want to give 2 users to +o ? is it then: +oobl foo bar <mask> <int> ?
[08:08] <spaceone> is "+o foo bar" invalid?
[08:09] <prologic> yeap
[08:09] <prologic> and yeap
[08:09] <prologic> bar will likely get treated as a mode char
[08:09] <prologic> and b will be ban
[08:09] <prologic> and then there'll be no args for it
[08:09] <prologic> and it should error out then
[08:21] *** kdb has quit IRC
[08:21] *** kdb has joined #circuits
[08:21] *** kdb has quit IRC
[08:21] *** kdb has joined #circuits
[10:10] *** Osso has joined #circuits
[10:10] <kdb> Yo osso
[19:23] *** Osso has quit IRC
[19:43] *** Osso has joined #circuits