Ticket #974 (closed defect: fixed)

Opened 2 years ago

Last modified 2 years ago

Crash on zero size incomming file transfers

Reported by: rexbinary Assigned to: timothy
Priority: highest Component: Chat Core (File Transfer)
Version: Latest 2.1 Severity: critical
Keywords: crash file transfer exploit security Cc:

Description

Colloquy is being crashed on Freenode 2-3 times a day by people spamming file transfer requests with a zero size file. My screen floods with accept/decline messages, then I get a beachball, and then Colloquy crashes. Need to be able to disable file transfers all together or something to work around this exploit.

Attachments

Colloquy.crash.log (23.7 kB) - added by rexbinary on 02/03/07 13:17:50.
Colloquy crash log after exploit

Change History

01/24/07 12:18:29 changed by rexbinary

  • keywords changed from crash file transfer exploit to crash file transfer exploit security.

01/24/07 12:20:19 changed by rexbinary

  • component changed from Colloquy (GUI) to Chat Core (File Transfer).

01/24/07 12:24:44 changed by rexbinary

  • summary changed from Crash on multiple file transfers to Crash on multiple incomming file transfers.

01/24/07 12:39:28 changed by rexbinary

  • summary changed from Crash on multiple incomming file transfers to Crash on zero size incomming file transfers.

I got a single zero size file transfer and it crashed Colloquy. Looks like it's any zero size file transfer will crash Colloquy, not just multiple ones. Updated summery.

02/03/07 13:17:04 changed by rexbinary

I attached a screenshot of the exploit. If you don't touch the file transfer dialog, Colloquy will continue to work. As soon as you click Refuse on one of the windows, you get a beachball and then Colloquy crashes. I'll attach the crash log as well.

02/03/07 13:17:50 changed by rexbinary

  • attachment Colloquy.crash.log added.

Colloquy crash log after exploit

02/03/07 13:23:31 changed by rexbinary

If there was just a way to disable file transfers all together, this would be a great work around while the real fix is addressed.

02/03/07 16:28:54 changed by timothy

  • status changed from new to assigned.

Fixed in [3574].

02/03/07 18:52:37 changed by rexbinary

Fix confirmed. I received multiple incoming file requests of the same type while running build 3574. I was able to Refuse the connections and did not crash. :)

02/03/07 20:39:14 changed by Rinoa

  • status changed from assigned to closed.
  • resolution set to fixed.

Confirmed to be fixed in [3574].