linuxdcpp-team team mailing list archive
-
linuxdcpp-team team
-
Mailing list archive
-
Message #07037
[Bug 1189975] Re: Forbidden commands in ADC
most commands the hub can avoid dispatching, except STA (it would have
to peek into STA codes and do case-by-case handling) and ZON/ZOFF
(extensions) for which i have applied (a slightly modified version of)
this patch.
** Information type changed from Private Security to Public Security
** Changed in: dcplusplus
Importance: Undecided => High
** Changed in: dcplusplus
Status: New => Fix Committed
--
You received this bug notification because you are a member of
Dcplusplus-team, which is subscribed to DC++.
https://bugs.launchpad.net/bugs/1189975
Title:
Forbidden commands in ADC
Status in DC++:
Fix Committed
Bug description:
When DC++ receives a STA message with code 25, it adds the command in
to the list of forbidden outgoing commands. However, the client
doesn't check that the STA message originates from the hub, so any
other client could send malicious STA messages and prevent DC++ from
sending any outgoing command via the hub. The fix is rather trivial.
I generally dislike the way how code 25 is handled, as DC++ doesn't
notify the user when it blocks a command and neither when an outgoing
command is disregarded right before sending.
To manage notifications about this bug go to:
https://bugs.launchpad.net/dcplusplus/+bug/1189975/+subscriptions
References