From 819a72d4f6b9cd1068db3be3758e6855c49f16db Mon Sep 17 00:00:00 2001 From: zzz Date: Thu, 11 Oct 2007 06:03:21 +0000 Subject: [PATCH] 2007-10-11 zzz * IRC Proxy: Fix several possible anonymity holes: - Block CTCP in NOTICE messages - Block CTCP anywhere in PRIVMSG and NOTICE, not just at first character - Check for lower case commands (Thanks sponge!) --- .../net/i2p/i2ptunnel/I2PTunnelIRCClient.java | 30 +++++++++---------- history.txt | 9 +++++- .../src/net/i2p/router/RouterVersion.java | 4 +-- 3 files changed, 24 insertions(+), 19 deletions(-) diff --git a/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/I2PTunnelIRCClient.java b/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/I2PTunnelIRCClient.java index 7f1d6de02..fa3f67258 100644 --- a/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/I2PTunnelIRCClient.java +++ b/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/I2PTunnelIRCClient.java @@ -272,7 +272,7 @@ public class I2PTunnelIRCClient extends I2PTunnelClientBase implements Runnable int idx=0; final String[] allowedCommands = { - "NOTICE", + // "NOTICE", // can contain CTCP //"PING", //"PONG", "MODE", @@ -306,9 +306,9 @@ public class I2PTunnelIRCClient extends I2PTunnelClientBase implements Runnable } catch(NumberFormatException nfe){} - if ("PING".equals(command)) + if ("PING".equalsIgnoreCase(command)) return "PING 127.0.0.1"; // no way to know what the ircd to i2ptunnel server con is, so localhost works - if ("PONG".equals(command)) { + if ("PONG".equalsIgnoreCase(command)) { // Turn the received ":irc.freshcoffee.i2p PONG irc.freshcoffee.i2p :127.0.0.1" // into ":127.0.0.1 PONG 127.0.0.1 " so that the caller can append the client's extra parameter // though, does 127.0.0.1 work for irc clients connecting remotely? and for all of them? sure would @@ -322,18 +322,17 @@ public class I2PTunnelIRCClient extends I2PTunnelClientBase implements Runnable // Allow all allowedCommands for(int i=0;i= 0) // CTCP marker ^A can be anywhere, not just immediately after the ':' { // CTCP msg=msg.substring(2); @@ -356,7 +355,7 @@ public class I2PTunnelIRCClient extends I2PTunnelClientBase implements Runnable String command; final String[] allowedCommands = { - "NOTICE", + // "NOTICE", // can contain CTCP "MODE", "JOIN", "NICK", @@ -387,7 +386,7 @@ public class I2PTunnelIRCClient extends I2PTunnelClientBase implements Runnable command = field[0].toUpperCase(); - if ("PING".equals(command)) { + if ("PING".equalsIgnoreCase(command)) { // Most clients just send a PING and are happy with any old PONG. Others, // like BitchX, actually expect certain behavior. It sends two different pings: // "PING :irc.freshcoffee.i2p" and "PING 1234567890 127.0.0.1" (where the IP is the proxy) @@ -421,24 +420,23 @@ public class I2PTunnelIRCClient extends I2PTunnelClientBase implements Runnable return rv; } - if ("PONG".equals(command)) + if ("PONG".equalsIgnoreCase(command)) return "PONG 127.0.0.1"; // no way to know what the ircd to i2ptunnel server con is, so localhost works // Allow all allowedCommands for(int i=0;i= 0) // CTCP marker ^A can be anywhere, not just immediately after the ':' { // CTCP msg=msg.substring(2); @@ -451,14 +449,14 @@ public class I2PTunnelIRCClient extends I2PTunnelClientBase implements Runnable return s; } - if("USER".equals(command)) { + if("USER".equalsIgnoreCase(command)) { int idx = field[2].lastIndexOf(":"); if(idx<0) return "USER user hostname localhost :realname"; String realname = field[2].substring(idx+1); String ret = "USER "+field[1]+" hostname localhost :"+realname; return ret; - } else if ("QUIT".equals(command)) { + } else if ("QUIT".equalsIgnoreCase(command)) { return "QUIT :leaving"; } diff --git a/history.txt b/history.txt index c533464d5..50aea0efd 100644 --- a/history.txt +++ b/history.txt @@ -1,4 +1,11 @@ -$Id: history.txt,v 1.593 2007-10-07 22:01:47 jrandom Exp $ +$Id: history.txt,v 1.594 2007-10-07 23:11:36 jrandom Exp $ + +2007-10-11 zzz + * IRC Proxy: Fix several possible anonymity holes: + - Block CTCP in NOTICE messages + - Block CTCP anywhere in PRIVMSG and NOTICE, not just at first character + - Check for lower case commands + (Thanks sponge!) 2007-10-07 jrandom * back out the NTCP backlog pushback, as it could be used to mount an diff --git a/router/java/src/net/i2p/router/RouterVersion.java b/router/java/src/net/i2p/router/RouterVersion.java index 249b3b528..5c85e4008 100644 --- a/router/java/src/net/i2p/router/RouterVersion.java +++ b/router/java/src/net/i2p/router/RouterVersion.java @@ -15,9 +15,9 @@ import net.i2p.CoreVersion; * */ public class RouterVersion { - public final static String ID = "$Revision: 1.529 $ $Date: 2007-10-07 22:01:49 $"; + public final static String ID = "$Revision: 1.530 $ $Date: 2007-10-07 23:11:37 $"; public final static String VERSION = "0.6.1.30"; - public final static long BUILD = 1; + public final static long BUILD = 2; public static void main(String args[]) { System.out.println("I2P Router version: " + VERSION + "-" + BUILD); System.out.println("Router ID: " + RouterVersion.ID);