Package: rageircd
Version: 2.0.1-4
Severity: grave
Tags: patch, security

If rageircd is configured to require a password to connect to the
server, it will still allow users to connect if they don't provide a
password at all and only bounce them if they provide an incorrect one.
I've attached the patch I'm using which fixes it for me.
-- 
James

--- rageircd-2.0.1.orig/src/s_conf2.c
+++ rageircd-2.0.1/src/s_conf2.c
@@ -1825,8 +1825,8 @@
        if ((allow->class->clients + 1) > allow->class->max_clients) {
                return CLIENTAUTH_CLASSFULL;
        }
-       if ((allow->auth != NULL) && !BadPtr(cptr->localClient->passwd)) {
-               if (!check_auth(allow->auth, cptr->localClient->passwd)) {
+       if ((allow->auth != NULL)) {
+               if (BadPtr(cptr->localClient->passwd) || 
!check_auth(allow->auth, cptr->localClient->passwd)) {
                        return CLIENTAUTH_INVALIDPW;
                }
                memset(cptr->localClient->passwd, '\0', PASSWDLEN + 1);


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to