Thread: kvirc 4.2.0 on openSUSE 13.2 SASL authentication failures fix available

  1. #1
    kvirc 4.2.0 on openSUSE 13.2 SASL authentication failures fix available

    Hi,

    I'm using the stock kvirc (4.2.0) on openSUSE 13.2 and, since December, have had consistent SASL authentication failures when connecting to chat.freenode.net. I finally found the source of the problem in the kvirc project bug tracker (see below). The problem has been fixed in SVN. What is the best way to request that this fix gets pulled into the regular 13.2 security updates?

    Thanks!
    Code:
    Ticket #1483 (closed Bug: fixed)
    ...

    SASL fallback to PLAIN mode fails if both 908 and 904 numerics are sent by server

    Reported by: Renegade334
    Owned by: pragma
    Priority: Normal
    Milestone:
    Component: Core
    Version: 4.3.1 Aria
    Keywords: SASL
    Cc:

    Description:
    Both 908 (RPL_SASLMECHS) and 904 (RPL_SASLFAILED) numerics are parsed through KviIrcServerParser::parseNumericSaslIdiocy. inspircd will send both a 908 and a 904 message upon requesting an unsupported SASL mechanism (unsure about other ircd's). This results in the following failure sequence:
    • KVIrc sends an unsupported AUTHENTICATE DH-BLOWFISH attempt
    • 908 numeric received from server
    • KviIrcServerParser::parseNumericSaslIdiocy is called
    • It calls KviIrcConnection::handleAuthenticateFallback
    • KviIrcConnection::handleAuthenticateFallback checks isInsideAuthenticateFallback(), which is false; it therefore sets it to true and sends an AUTHENTICATE PLAIN message
    • The next message received from the server is a 904 numeric
    • KviIrcServerParser::parseNumericSaslIdiocy is called
    • It calls KviIrcConnection::handleAuthenticateFallback
    • KviIrcConnection::handleAuthenticateFallback checks isInsideAuthenticateFallback(), which is now true; it therefore calls KviIrcConnection::endInitialCapNegotiation and terminates the CAP phase
    Because the CAP phase is prematurely terminated before the fallback handshake is complete, KVIrc continues with the normal registration phase, and SASL authentication fails.
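
The failure sequence from the ticket quoted above, as an added example that is not part of the original post or of KVIrc's source: a toy C++ model (all names hypothetical) that replays constructed 908/904/903 replies through the shared-handler logic and through one possible alternative in which 908 is informational and only 904 drives the fallback. The alternative assumes the server always follows 908 with 904, and it is not claimed to be the fix applied in KVIrc SVN.

```cpp
#include <string>
#include <vector>

// Toy model of the client-side fallback logic described in the ticket.
// All names are hypothetical; this is not KVIrc source code.
struct SaslModel {
    bool fallbackOn908;            // true: ticket behaviour (908 and 904 share one handler)
    bool insideFallback = false;
    bool capEnded = false;
    bool authenticated = false;
    std::vector<std::string> sent; // lines the modelled client has sent

    explicit SaslModel(bool legacy) : fallbackOn908(legacy) {
        sent.push_back("AUTHENTICATE DH-BLOWFISH"); // mechanism the server rejects
    }

    // Stand-in for ending the CAP phase and continuing registration.
    void endCap() { if (!capEnded) { capEnded = true; sent.push_back("CAP END"); } }

    // Follows the handleAuthenticateFallback steps listed in the ticket.
    void handleFallback() {
        if (!insideFallback) { insideFallback = true; sent.push_back("AUTHENTICATE PLAIN"); }
        else endCap();             // second failure: give up on SASL
    }

    void onNumeric(int code) {
        if (capEnded) return;      // registration has already moved on
        switch (code) {
        case 908: if (fallbackOn908) handleFallback(); break; // otherwise informational
        case 904: handleFallback(); break;
        case 903: authenticated = true; endCap(); break;      // SASL success
        }
    }
};

// Constructed server replies: 908 + 904 for the rejected mechanism, then
// 903 for the PLAIN attempt (the PLAIN payload exchange is not modelled).
static const int kReplies[] = {908, 904, 903};

bool runSequence(bool legacy) {
    SaslModel m(legacy);
    for (int code : kReplies) m.onNumeric(code);
    return m.authenticated;
}

// Exit status 0 when the shared handler fails and the alternative succeeds.
int main() { return (!runSequence(true) && runSequence(false)) ? 0 : 1; }
```
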

  2. #2

    Re: kvirc 4.2.0 on openSUSE 13.2 SASL authentication failures fix available

    I'm having the same problem (same build of kvirc and openSUSE) and I thought maybe I had it set up wrongly somewhere (though I followed a guide specific for kvirc in openSUSE for freenode), to no avail. At least now I know it was not my fault.
    Right now I'm just using the normal autoidentify through the OnConnect tab in the server section (on an SSL server), but I would like to get this fixed as well sooner or later, as I heard it is better (more secure) than just sending the normal message as soon as I connect.
