Bugtraq mailing list archives

The FPSC-IRCD.txt advisory


From: ircd () RIPCORD THEBENDS ORG (syg FPSC)
Date: Sun, 7 Mar 1999 16:20:59 -0800


***Note to aleph1, replace this with what i sent you earlier plz, thanks.***
                            The FPSC-IRCD.txt advisory.
                            ---------------------------
                            By: syg of the FPSC @3/7/98
                                ircd () FPSC hemp net
                               http://FPSC.hemp.net

Program affected:
IRCD

Versions affected:
All hybrid and other EFnet IRCD versions.  Probably others.

Problem:
        As of the date of this file, there are a few bugs in hybrid IRCD
and maybe others.  I've checked DALnet's source and it seems theirs is fixed
and not affected.  The bug is in match.c of the source code and starts on line
204 at 'tolowertab[]'.  Note the line that consists of the following:
"'t', 'u', 'v', 'w', 'x', 'y', 'z', '{', '|', '}', '~',".  Then go to line 238
in match.c to 'touppertab[]'.  Note the line that reads:
"'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '[', '\\', ']', '^'," and look at the two
lines.  If you notice, it takes the '{' char and defines its uppercase char as
'[', along with defining '|' to '\', '}' to ']', and '~' to '^'.  What this
means is they're the same characters in channel names and nicknames.
        Now what can you do with this in such a way that it would be a problem?
You can spy on channels whose names contain any one of the 8 characters below:
1) {     --Defined as LowerCase [
2) [     --Defined as UpperCase {
3) }     --Defined as LowerCase ]
4) ]     --Defined as UpperCase }
5) |     --Defined as LowerCase \
6) \     --Defined as UpperCase |
7) ~     --Defined as LowerCase ^
8) ^     --Defined as UpperCase ~
This problem and mIRC make a dangerous combination.  Let's say a bunch of your
friends hang in #mIRC] and you run BitchX.  All you have to do is join
#mIRC} and their mIRC clients won't see you join the channel, which means you
are a ghost and therefore are invisible.  Another example would be...
two people are in #Love^2 and you run BitchX.  All you would have to do is
join #Love~2 and they won't see you join, therefore you can spy on their
conversation all night long.  Now if one of the mIRC people happened to type
"/names #mIRC]" or "/names #Love^2" you would magically pop up in the nick
list of the channel.  The same happens if someone joins the channel
after you have joined: you will show up in their names list, therefore it will
put you in their nick list in the channel window.  Be creative and have fun.
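
Added example, not part of the advisory or the hybrid source: a small C program
that folds names the way the quoted tolowertab[] row does and flags pairs that
the server treats as one channel while an ASCII-only comparison treats them as
two. The function names are hypothetical, and fold_ascii is an assumption that
models the client behaviour shown in the logs.

```c
#include <stdio.h>
#include <string.h>

/* Server-side fold, following the tolowertab[] row quoted in the advisory:
 * 'A'..'Z' and '[' '\' ']' '^' (0x41-0x5E) map to 'a'..'z' and '{' '|' '}' '~'. */
static unsigned char fold_server(unsigned char c)
{
    return (c >= 'A' && c <= '^') ? (unsigned char)(c + 0x20) : c;
}

/* ASCII-only fold (assumption: models a client that keeps "#[" and "#{"
 * as separate channels, as in the advisory's logs). */
static unsigned char fold_ascii(unsigned char c)
{
    return (c >= 'A' && c <= 'Z') ? (unsigned char)(c + 0x20) : c;
}

typedef unsigned char (*fold_fn)(unsigned char);

static int names_equal(const char *a, const char *b, fold_fn fold)
{
    for (; *a && *b; a++, b++)
        if (fold((unsigned char)*a) != fold((unsigned char)*b))
            return 0;
    return *a == *b;   /* equal only if both strings ended together */
}

/* 1 when the server sees one channel but an ASCII-only peer sees two. */
int names_diverge(const char *a, const char *b)
{
    return names_equal(a, b, fold_server) && !names_equal(a, b, fold_ascii);
}

/* Write the server's canonical form of a name, for keying client state. */
void canonical_name(const char *in, char *out, size_t outlen)
{
    size_t i = 0;
    if (outlen == 0)
        return;
    for (; in[i] != '\0' && i + 1 < outlen; i++)
        out[i] = (char)fold_server((unsigned char)in[i]);
    out[i] = '\0';
}

int main(void)
{
    /* Channel names taken from the advisory, plus two constructed controls. */
    const char *pairs[][2] = { {"#mIRC]", "#mIRC}"}, {"#Love^2", "#Love~2"},
                               {"#[", "#{"}, {"#MIRC", "#mirc"}, {"#a", "#b"} };
    for (size_t i = 0; i < sizeof pairs / sizeof pairs[0]; i++)
        printf("%-8s %-8s diverge=%d\n", pairs[i][0], pairs[i][1],
               names_diverge(pairs[i][0], pairs[i][1]));
    return 0;
}
```

A client or log tool that keys its channel state on canonical_name() output
agrees with the server about which names are the same channel.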


Logs:
The "->->->" is me telling you what's going on.
->->-> In mIRC I typed /join #[ with the nick mIRC-1
 *** Now talking in #[
->->-> No one is in the channel but me in the nick list.
->->-> Then I looked in my status window and got the join info.
 #[ @mIRC-1
 #[ End of /NAMES list.
 #[ created on Thu Feb 25 14:13:45
->->-> Then in another mIRC client I typed /join #{ with the nick mIRC-2
 *** Now talking in #{
->->-> No one is in the channel but me in the nick list.
->->-> Then I looked in my status window and got the join info.
 #[ mIRC-2 @mIRC-1
 #{ End of /NAMES list.
 #[ +
 #[ created on Thu Feb 25 14:13:45
->->-> NOTE: I can't see mIRC-1 in the nick list in the channel.
->->-> I also can't see mIRC-2 in mIRC-1's nick list.
->->-> So basically it's like two different channels when you are in mIRC.
->->-> Let's now bring bitchX into play...
->->-> In BitchX under the nick BitchX-1 I typed /join #[
 BitchX-1 [test () FPSC hemp net] has joined #[
 [Users(#[:3)]
 [ BitchX-1  ] [ mIRC-2  ] [@mIRC-1  ]
 Channel #[ was created at Thu Feb 25 14:13:45 1999
 BitchX: Join to #[ was synced in 0.391 secs!
->->-> Now under mIRC-1's client I saw...
 *** BitchX-1 (test () FPSC hemp net) has joined #[
->->-> Which I should have because we are both in #[
->->-> But on the other hand, under mIRC-2's client (the one in #{)...
->->-> I didn't see BitchX-1 join.
->->-> And as you can see, BitchX-1 sees mIRC-2 in the channel #[
->->-> Now let me type with all three of them.
->->-> Under all three clients I will type their nick and chan to the channel.
->->-> Under BitchX-1's client I saw all three clients talk...
 <mIRC-1> mIRC-1 #[
 <mIRC-2> mIRC-2 #{
 <BitchX-1> BitchX-1 #[
->->-> Under mIRC-1's client I saw myself and BitchX-1 type (We are both in #[)
 <mIRC-1> mIRC-1 #[
 <BitchX-1> BitchX-1 #[
->->-> Under mIRC-2's client I saw myself type only (I'm in #{)
 <mIRC-2> mIRC-2 #{
->->-> As you can see, mIRC-2 is being spied on by the BitchX client.
->->-> End of logs.

Solution:
        The fix would be to simply edit /src/match.c of the source code. DALnet
seems to have a nice match.c at ftp.dal.net in df467.tgz if you EFnet staff
need any ideas.  We all hope to see this fixed in your next release of hybrid.

Final Notes:
        IRCD coders and staff members of all networks and all IRCD versions need
to check your source for this bug and fix it before it gets abused... maybe it
was you in #^locals^ giving your phone number out to a friend while being
spied on by another local enemy.  Other than that, everyone keep up the good
work and so long.  Also, thanks to sate for helping me test this out.
Questions/jobs/info/etc: ircd () FPSC hemp net  -syg


