linuxdcpp-team team mailing list archive

[Bug 1722364] [NEW] Invalid ADC commands sent via UDP will crash the app

 

*** This bug is a security vulnerability ***

Private security bug reported:

The AdcCommand parsing function will throw ParseException on invalid
commands:
https://sourceforge.net/p/dcplusplus/code/ci/default/tree/dcpp/AdcCommand.cpp#l37

However, SearchManager (UDPServer in AirDC++) won't catch those
exceptions at all:
https://sourceforge.net/p/dcplusplus/code/ci/default/tree/dcpp/SearchManager.cpp#l286


As a result, you should be able to crash the app by sending the following raw text to the UDP port: 

ARES T\n

(I used https://packetsender.com for testing)

** Affects: airdcpp
     Importance: Undecided
         Status: New

** Affects: apexdc
     Importance: Undecided
         Status: New

** Affects: dcplusplus
     Importance: Undecided
         Status: New

** Also affects: airdcpp
   Importance: Undecided
       Status: New

** Also affects: apexdc
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of
Dcplusplus-team, which is subscribed to DC++.
https://bugs.launchpad.net/bugs/1722364

Title:
  Invalid ADC commands sent via UDP will crash the app

Status in AirDC++:
  New
Status in ApexDC++:
  New
Status in DC++:
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/airdcpp/+bug/1722364/+subscriptions
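
The missing guard described in the report, as an added sketch that is not DC++, AirDC++ or ApexDC++ code. `Command`, `ParseException` and `handleDatagram` are hypothetical stand-ins with an assumed, simplified grammar; only the datagram `ARES T\n` comes from the report.

```cpp
#include <iostream>
#include <stdexcept>
#include <string>

// Hypothetical stand-in for the parser's exception type.
struct ParseException : std::runtime_error {
    using std::runtime_error::runtime_error;
};

// Simplified stand-in parser (assumed grammar, NOT the real ADC rules):
// one type char, a 3-letter command, a space, then a 4-character identifier.
struct Command {
    char type;
    std::string name, id;
    explicit Command(const std::string& line) {
        if (line.size() < 9 || line[4] != ' ')
            throw ParseException("command too short");
        if (line.size() > 9 && line[9] != ' ')
            throw ParseException("identifier has wrong length");
        type = line[0];
        name = line.substr(1, 3);
        id = line.substr(5, 4);
    }
};

// Handler for one untrusted UDP datagram. Returns true only if it parsed.
// The try/catch keeps a malformed packet from unwinding into the receive
// loop, where an uncaught exception would end in std::terminate().
bool handleDatagram(const std::string& data, std::string& error) {
    if (data.size() < 6 || data.compare(1, 4, "RES ") != 0 || data.back() != '\n')
        return false;                       // not a search-result datagram
    try {
        Command c(data.substr(0, data.size() - 1));
        (void)c;                            // a real handler would dispatch here
        return true;
    } catch (const ParseException& e) {
        error = e.what();                   // record and drop the packet
        return false;
    }
}

int main() {
    // Constructed inputs: the datagram from the report, then a well-formed one.
    for (const std::string pkt : {"ARES T\n", "URES ABCD TOtoken\n"}) {
        std::string err;
        bool ok = handleDatagram(pkt, err);
        std::cout << (ok ? "accepted" : "dropped: " + err) << '\n';
    }
}
```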

