Forums Bug Reports DCC Send of files with >= 20 spaces in filename

Im running my own irc server (Unreal ircd) and it has a spam filter which includes this:

spamfilter {
regex "(.+ ){20}";
target dcc;
reason "mIRC 6.0-6.11 exploit attempt";
action block;
};

If I try to DCC send a file named "1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1.txt", the file sends, but if it failed and needed to resume, or the file already existed, then unreal ircd blocks the DCC send.

(send the first time)
23:11:25 DCC Send of 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1.txt to testuser complete (00:00:01 0.01 KB/Sec)

(send the 2nd time)
*** Notice -- Client exiting: testuser (test@202-212-82-212.my.isp.net.au) [mIRC 6.0-6.11 exploit attempt]

my client is a clean mirc 6.16 (running locally), and the remote
receiver was running a clean version of 6.16.

Trying a file with < 20 spaces in the filename doesnt cause this problem.

23:15:42 DCC Send of 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9.txt to testuser complete (00:00:01 0.01 KB/Sec)
-
23:15:50 DCC Send of 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9.txt to testuser complete (00:00:01 0.01 KB/Sec)


Why is there a limitation to how many spaces you can have in a filename?

I did disable the spam filter on the irc server (the whole lot because im only running a small private network), but my mirc started having severe problems where I would lose access to all my local/networked drives, and I couldnt read/write to them (majority of the time). When I closed my mirc session that was doing the DCC sending (which was using 100% CPU), everything works again. Im not sure of the exact cause of this problem, but it would happen about once a day. I could only stop the problem from happening by stopping DCC file sending.

mIRC has nothing to do with the development or protection coded into Unreal IRCd, and mIRC cannot control what the IRCd blocks.

There was a DCC exploit in version of mIRC 6.0 to 6.11. This is fixed in versions 6.12 and above (i.e. the latest version, always recommended). A lot of IRCds have put blocks to prevent people exploiting others, and crashing other people's mIRC clients.

For help with Unreal IRCd, please use the Unreal IRCD Forums.

Regards,

I corrected/added stuff to the post, so previous repliers should read it again. I will try to test the above problem again on another network, but since the problem causes havok, im not too keen on the idea. First, I wanted to see if anyone else had some positive feedback on this problem.

does that exploit still exist in mirc 6.16?

Is it possible for an irc server to cause your mirc session to consume 100% CPU from DCC send? This was when I had the spam filter disabled on the irc server.
Its a very difficult problem to track down because it doesnt happen while im watching it

As I said, the exploit does not exist in versions 6.12 and higher (that included 6.16).

mIRC has nothing which displays a message such as "[mIRC 6.0-6.11 exploit attempt]". This must be a server issue, something related to Unreal IRCd.

mIRC will display an 'invalid parameters' message if someone seriously attempts to use the DCC exploit (in the latest versions), it doesn't display anything that would say "someone is using an exploit against you" because that is not necessarily the case when receiving the 'invalid parameters' message.

Regards,

Yes, that message comes from Unreal ircd if you have the spam filter loaded.
I just tested it with the spam filter unloaded, and resume works for files with 20+ spaces in the name.

However, Im sure I will experience that 100% CPU problem described earlier. Im testing it again from my own network first (to make sure its still happening)

Dont try this on a pentium 1 233 mhz with 64mb of ram.. I tried the 20+ spaces and my mIRC used all my processor and made my mouse barely able to move, I couldnt get my mouse in the right spot cause it took like 5 seconds to update where it was! I had to reboot! You're right it does take 100% cpu usage! YIKES! Could be a new exploit...

I do not experience 100% CPU usage when performing the above DCC send. I tried DCC sending to myself, and tidy_trax.

I'm on Win XP Home SP1, 3Ghz, 512MB RAM, I was at 50-55% CPU usage before and after the DCC. Tidy_trax is on 1Ghz, 96MB RAM, Win XP Professional, his remained at 6%.

mIRC 6.16.

Edit: This is NOT an exploit.

Regards,

my p1 233 mhz is a laptop runnin win98SE, if that means anything but I too experiance the problem.. I havent tried it on my PC win2k

It doesnt happen to me all the time. Im probably sending about 50 files a day to this 1 person (they are on 56k modem), and it might only happen to me once a day.
Im on Win2k Pro, fully patched, no viruses etc.
Running a Intel P4 2.4GHz 1MB cache, with 1GB RAM.
I ran extensive tests against my RAM, and also ran several virus scans and adware scans etc. I stopped running all my eggdrops, upgraded my 4 mirc sessions from 6.12 to clean 6.16 sessions. Unloaded any scripts that I hadnt written myself.
I even got the other receiving user to upgrade their mirc from 6.15 to 6.16.
The only thing I could narrow it down to, was the DCC send, but I havent been able to catch the problem when it happens.
Ive since changed my Administrator password, stopped Windows services, and blocked some of the ports on my router. So i'll see if its still happening to me.

All I can say for now is that its happened atleast 4 times. And when it does, it totally screws with my system. 1 of my 4 mirc sessions uses 100% CPU, and it seems to cause other Windows processes from getting any CPU because I get read/write problems to local/networked drives. I get problems opening a text file with notepad.exe. Sometimes it says the drive is inaccessible. Sometimes it opens but theres no title in the notepad.exe. And sometimes it gives me a memory error. Norton Antivirus also crashes and tells me I need to uninstall/reinstall. But after a reboot, my whole system works fine.
So as you can tell, its taken me quiet some time to narrow down what the problem could be, and its quiet a messy situation when something goes wrong.
Im only connected to my own private irc network, which only has about 10 other remote users. Some of those users are connecting to multiple networks too, so im not sure if theres any exploit coming through from there.

50 files a day? wtf?

even if you do own the rights to the files your sending, wouldn't it be easier if you just installed an FTP server!?

Anyway, back on topic, i've never had 100% cpu from any kind of DCC send or gets.

i use the latest unreal linux, with a spam filter, and the dcc send goes like normal, and the cpu doesnt jump at all. the server cpu, or the 1 running mirc