~emersion/soju#238: Forced changes to "*" crashes entire user

We were playing around with message injections and noticed that forcing a soju user to change their nick to * seems to crash the entire user on that soju instance.

2024/12/20 16:40:55 user "runxiyu": upstream "rx": received: @time=2024-12-20T16:40:55.133Z;account=runxiyu NICK *
2024/12/20 16:40:55 panic serving user "runxiyu": cacheUserInfo called with empty nickname
goroutine 20 [running]:
runtime/debug.Stack()
        runtime/debug/stack.go:24 +0x5e
codeberg.org/emersion/soju.(*Server).addUserLocked.func1.1()
        codeberg.org/emersion/soju/server.go:440 +0x58
panic({0x560f48101a60?, 0x560f481c2f70?})
        runtime/panic.go:770 +0x132
codeberg.org/emersion/soju.(*upstreamConn).cacheUserInfo(0x560f48148680?, {0xc0002648d0?, 0xc000031340?}, 0x4?)
        codeberg.org/emersion/soju/upstream.go:2430 +0x2d5
codeberg.org/emersion/soju.(*upstreamConn).handleMessage(0xc0000d9a00, {0x560f481c8e48, 0x560f4857ad40}, 0xc0007bd000)
        codeberg.org/emersion/soju/upstream.go:1112 +0x4a2e
codeberg.org/emersion/soju.(*user).run(0xc0000be380)
        codeberg.org/emersion/soju/user.go:701 +0x19ab
codeberg.org/emersion/soju.(*Server).addUserLocked.func1()
        codeberg.org/emersion/soju/server.go:451 +0x65
created by codeberg.org/emersion/soju.(*Server).addUserLocked in goroutine 1
        codeberg.org/emersion/soju/server.go:437 +0x170

According to funderscore, this causes strange behaviour on the rest of their bouncer. It seems to cause my other connections to time out too (apparently my entire user is unusable?).

2024/12/20 15:42:44 downstream "127.0.0.1:43480": registration complete for user "funderscore"
2024/12/20 15:42:44 downstream "127.0.0.1:43480": failed to get/create user: user "funderscore" exists in the DB but hasn't been loaded by the bouncer -- a restart may help

Status: REPORTED
Submitter: ~runxiyu
Assigned to: No-one
Submitted: a month ago
Updated: 17 days ago
Labels: bug

Ferass El Hafidi a month ago

According to funderscore, this causes strange behaviour on the rest of their bouncer. It seems to cause my other connections to time out too (apparently my entire user is unusable?).

Yes. All my connections time out, and I am disconnected from the bouncer. When trying to reconnect again, I get met with:

ERROR :Internal server error

Or something similar.

According to Simon in the IRC channel:

a panic brings down the entire user - that's expected

~runxiyu 17 days ago*

After testing with doesnm a bit, it looks like soju panics when changing its nick to something like "!blah@blah" since it parses the nick and thinks that there's an empty nick. The NICK handler calls uc.cacheUserInfo(msg.Prefix.Name, &upstreamUser...), and cacheUserInfo has if nick == "" { panic(...) }
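
The failure mode discussed in this thread (a message source such as `!blah@blah` whose name part is empty, and a new nick of `*`), handled by returning an error to the caller instead of panicking. This is an added example, not soju's code and not part of any comment above; `prefixName`, `validateNick`, `applyNickChange`, the `nicks` map and the rejected character set are assumptions of the example.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// prefixName returns the name part of a "name!user@host" style source.
// Hypothetical helper: for "!blah@blah" the name part is the empty string.
func prefixName(prefix string) string {
	name, _, _ := strings.Cut(prefix, "!")
	name, _, _ = strings.Cut(name, "@")
	return name
}

var errBadNick = errors.New("invalid nickname from upstream")

// validateNick rejects empty nicks and characters this example treats as
// never valid in a nickname (assumed policy, including "*").
func validateNick(nick string) error {
	if nick == "" || strings.ContainsAny(nick, " ,*?!@\r\n\x00") || nick[0] == '$' || nick[0] == ':' {
		return fmt.Errorf("%w: %q", errBadNick, nick)
	}
	return nil
}

// applyNickChange validates both sides of an upstream NICK before touching
// state, so a malformed message is an error for that message, not a panic.
func applyNickChange(nicks map[string]bool, prefix, newNick string) error {
	old := prefixName(prefix)
	if err := validateNick(old); err != nil {
		return fmt.Errorf("NICK source: %w", err)
	}
	if err := validateNick(newNick); err != nil {
		return fmt.Errorf("NICK target: %w", err)
	}
	delete(nicks, old)
	nicks[newNick] = true
	return nil
}

func main() {
	nicks := map[string]bool{"alice": true}
	// Constructed (source prefix, new nick) pairs.
	for _, in := range [][2]string{{"alice!a@host", "alice2"}, {"!blah@blah", "bob"}, {"alice2!a@host", "*"}} {
		fmt.Printf("%q -> %q: %v\n", in[0], in[1], applyNickChange(nicks, in[0], in[1]))
	}
}
```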
