Skip to content
Snippets Groups Projects
Commit 0e99d274 authored by rswindell's avatar rswindell
Browse files

Address 2 QWK/REP-importing security issues:

1. If QWKE was enabled for the QWKnet account on the Hub, a user could spoof
   their name with a "From:" QWKE kludge line in the message body. Fixed by
   not processing QWKE "From:" kludge lines at all, ever.
2. If an @VIA kludge line was in the message body, it could over-ride the
   correct value from the HEADERS.DAT (oops). Really, the SENDERNET* lines
   in the HEADERS.DAT were always being overriden by either the @VIA kludge
   line (if present) or just the auto-genereated SENDERNET info (from the
   QWK-ID of the QWKnet account or hub. Normally, in a single hop QWKnet
   message, there will be no @VIA line, so spoofing is still possible in that
   case.
parent 6ad0db8c
No related branches found
No related tags found
No related merge requests found
Loading
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment