EFnet Paralyzed By Vulnerability 156
An anonymous reader writes "EFnet member Fionn 'Fudge' Kelleher reported several vulnerabilities in the IRC daemons charybdis, ircd-ratbox, and other derivative IRCds. The vulnerability was subsequently used to bring down large portions of the EFnet IRC network."
By crafting a particular message, you can cause the IRC daemon to call strlen(NULL) and game over, core dumped.
Re:C strings strike again! (Score:3, Informative)
An uncaugh NullPointerException on a call to aString.length() in java would have the same effect and kill the running Thread, the program if it is the main Thread.
http://stackoverflow.com/questions/5796103/strlen-not-checking-for-null [stackoverflow.com]
Re:EFnet is already paralyzed (Score:4, Informative)
There has been a lot of work in this area with a few projects now... Microsoft's IRCX, then IRCNEXT, IRCPLUS and now atheme.org's IRCv3 [ircv3.org]. IRCv3 is becoming the defacto standard at this point, supplanting the traditional IRC protocol, as almost all vendors that are noteworthy have adopted support for revision 3.1 of the protocol already.
Both Atheme and Anope can be interacted with via RPC from scripts allowing for web integrations. Also, there are immersive web clients which provide a lot of useful metadata to clients.
Re:C strings strike again! (Score:4, Informative)
Pitty intel didnt implement string functions in the CPU.
They did. [pku.edu.cn] Welcome to decades ago.