Package: rageircd
Version: 2.0.1-4
Severity: grave
Tags: patch, security

If rageircd is configured to require a password to connect to the server, it will still allow users to connect if they don't provide a password at all and only bounce them if they provide an incorrect one. I've attached the patch I'm using which fixes it for me.
-- James --- rageircd-2.0.1.orig/src/s_conf2.c +++ rageircd-2.0.1/src/s_conf2.c @@ -1825,8 +1825,8 @@ if ((allow->class->clients + 1) > allow->class->max_clients) { return CLIENTAUTH_CLASSFULL; } - if ((allow->auth != NULL) && !BadPtr(cptr->localClient->passwd)) { - if (!check_auth(allow->auth, cptr->localClient->passwd)) { + if ((allow->auth != NULL)) { + if (BadPtr(cptr->localClient->passwd) || !check_auth(allow->auth, cptr->localClient->passwd)) { return CLIENTAUTH_INVALIDPW; } memset(cptr->localClient->passwd, '\0', PASSWDLEN + 1);
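Review bot: the added `if ((allow->auth != NULL)) {` keeps a redundant pair of parentheses left over from the old compound condition; `if (allow->auth != NULL) {` reads cleaner. The ordering in the new inner test is right: `BadPtr(cptr->localClient->passwd)` is evaluated before `check_auth(...)`, so a missing password returns CLIENTAUTH_INVALIDPW and is never handed to check_auth. A short comment stating that an absent password is rejected whenever `allow->auth` is set would help keep the two conditions from being merged again. Separately, in the lines shown the `memset` of `cptr->localClient->passwd` is reached only when the check passes, so it is worth confirming that a wrong password is cleared somewhere on the CLIENTAUTH_INVALIDPW path.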