linuxdcpp-team team mailing list archive

Thread
Date

[Bug 1722364] Re: Invalid ADC commands sent via UDP will crash the app

To: linuxdcpp-team@xxxxxxxxxxxxxxxxxxx
From: eMTee <1722364@xxxxxxxxxxxxxxxxxx>
Date: Sat, 21 Oct 2017 09:42:14 -0000
Reply-to: Bug 1722364 <1722364@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Information type changed from Private Security to Public

** Also affects: strongdc
   Importance: Undecided
       Status: New

** Also affects: linuxdcpp
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of
Dcplusplus-team, which is subscribed to DC++.
https://bugs.launchpad.net/bugs/1722364

Title:
  Invalid ADC commands sent via UDP will crash the app

Status in AirDC++:
  Fix Released
Status in ApexDC++:
  New
Status in DC++:
  Fix Released
Status in FlylinkDC++:
  New
Status in LinuxDC++:
  New
Status in StrongDC++:
  New

Bug description:
  The AdcCommand parsing function will throw ParseException on invalid
  commands:
  https://sourceforge.net/p/dcplusplus/code/ci/default/tree/dcpp/AdcCommand.cpp#l37

  However, SearchManager (UDPServer in AirDC++) won't catch those
  exceptions at all:
  https://sourceforge.net/p/dcplusplus/code/ci/default/tree/dcpp/SearchManager.cpp#l286

  
  As a result, you should be able to crash the app by sending the following raw text to the UDP port: 

  ARES T\n

  (I used https://packetsender.com for testing)

To manage notifications about this bug go to:
https://bugs.launchpad.net/airdcpp/+bug/1722364/+subscriptions

References

[Bug 1722364] [NEW] Invalid ADC commands sent via UDP will crash the app
From: maksis, 2017-10-09