[Erbot-discuss] Exploit in user-defined functions

erbot-discuss

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Erbot-discuss] Exploit in user-defined functions

From:	Michael Olson
Subject:	[Erbot-discuss] Exploit in user-defined functions
Date:	Wed, 09 Nov 2005 23:42:10 -0500
User-agent:	Gnus/5.110004 (No Gnus v0.4) Emacs/22.0.50 (gnu/linux)

One of the users of my bot (who has too much time on his hands,
apparently), has found another exploit.

(defun fs-hbpart
  (fs-x)
  (erblisp-check-args fs-x)
  (sit-for 0)
  (fs-hb
   (fs-format "part %s" fs-x)))

(defun fs-hb
  (fs-x)
  (erblisp-check-args fs-x)
  (sit-for 0)
  (fs-format "^M%s" fs-x))

(where ^M is a literal control-M character)

Input: hbpart "#myChannel"

This was due to erbot's method for splitting lines, which split on
'\n' rather than both newline and form-feed (\r).  A fix has been
applied upstream.

-- 
Michael Olson -- FSF Associate Member #652 -- http://www.mwolson.org/
Interests: anime, Debian, XHTML, wiki, Emacs Lisp
  /` |\ | | | IRC: mwolson on freenode.net: #hcoop, #muse, #PurdueLUG
 |_] | \| |_| Jabber: mwolson_at_hcoop.net

pgpgffXvCyjbi.pgp
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

[Erbot-discuss] Exploit in user-defined functions, Michael Olson <=

Prev by Date: Re: [Erbot-discuss] Limiting length of lists for user functions
Previous by thread: [Erbot-discuss] Limiting length of lists for user functions
Index(es):
- Date
- Thread