Page MenuHomePhabricator

Make channelmgnt::chanopget properly handle recursion and duplicate items
Open, HighPublic

Description

Was looking at this code and think it might be able to.

Need to put a bit of a test case together but marking as a security in case you can.

It should be low risk

Details

Security
None

Event Timeline

Do not make this public or merge without my approval

I've had a quick check and I'm not sure it does so I'm going to try and get a test case 100% working tonight but there's definately a bug here as you can duplicate items in the array

RhinosF1 renamed this task from Can channelmgnt::chanopget infinitely recurse? to Make channelmgnt::chanopget properly handle recursion and duplicate items.Dec 20 2020, 2:00 PM
RhinosF1 added a project: MirahezeBot-Plugins.

Gonna make public as I can't see a security issue here checking again

RhinosF1 changed the visibility from "Custom Policy" to "Public (No Login Required)".Dec 20 2020, 3:56 PM
RhinosF1 removed a project: Security.
RhinosF1 changed Security from Software security bug to None.