linuxdcpp-team team mailing list archive

Thread
Date

[Bug 1189975] Re: Forbidden commands in ADC

To: linuxdcpp-team@xxxxxxxxxxxxxxxxxxx
From: poy <1189975@xxxxxxxxxxxxxxxxxx>
Date: Mon, 17 Jun 2013 21:04:32 -0000
Reply-to: Bug 1189975 <1189975@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

most commands the hub can avoid dispatching, except STA (it would have
to peek into STA codes and do case-by-case handling) and ZON/ZOFF
(extensions) for which i have applied (a slightly modified version of)
this patch.

** Information type changed from Private Security to Public Security

** Changed in: dcplusplus
   Importance: Undecided => High

** Changed in: dcplusplus
       Status: New => Fix Committed

-- 
You received this bug notification because you are a member of
Dcplusplus-team, which is subscribed to DC++.
https://bugs.launchpad.net/bugs/1189975

Title:
  Forbidden commands in ADC

Status in DC++:
  Fix Committed

Bug description:
  When DC++ receives a STA message with code 25, it adds the command in
  to the list of forbidden outgoing commands. However, the client
  doesn't check that the STA message originates from the hub, so any
  other client could send malicious STA messages and prevent DC++ from
  sending any outgoing command via the hub. The fix is rather trivial.

  I generally dislike the way how code 25 is handled, as DC++ doesn't
  notify the user when it blocks a command and neither when an outgoing
  command is disregarded right before sending.

To manage notifications about this bug go to:
https://bugs.launchpad.net/dcplusplus/+bug/1189975/+subscriptions

References

[Bug 1189975] [NEW] Forbidden commands in ADC
From: maksis, 2013-06-11