Eggdev: The state of eggdrop1.9

Sven Trenkel list at semidefinite.de
Tue Apr 24 17:10:48 CST 2007


Jeff Fisher wrote:
>> Good idea. I'm fine with escaping.
> 
> What about something like this
> 
> http://www.dlitz.net/proto/netstrings-abnf.txt

Looks nice, but it would allow binary data in every kind of botnet
event. Having newlines in nicks, botnames and stuff might just be
annoying for the users, but could be an endless source of exploits for
careless script writers. Imagine a simple script that announces a user
or bot quitting the partyline to an IRC channel:
Bot test left the botnet: Haha!\nPRIVMSG #channel :Ha, exploit!

At the moment every possible botnet event expects stings in the format
"function(..., const char *text, int len)". But I was going to remove
the len from every event except for zapf messages because supporting
binary data for strings the have only one purpose, to be read by a
human, doesn't seem to make any sense.

That's why I thought about supporting binary data only for specific
messages and not for the complete protocol.

On the other hand these kind of messages are easy to construct compared
to character escaping. The way the botnet API works at the moment every
broadcast message has to be constructed independently for each bot that
is directly connected. That might become expensive with escaping and
large botnets.


CU
   Sven




More information about the Eggdev mailing list