Severity: MEDIUM
Location: src/Controllers/AdminBbsListingController.php:163 + src/Services/BbsTelnetCapture.php:23
Bug: Check-time resolves host to a public IP; connect-time resolves again and may hit a private IP.
Fix: Resolve once in PHP, pass IP to capture.
Status: open. Will reply with remediation details when resolved.
Deferred — see reply.
Deferred.
The fix as stated requires resolving the hostname once in PHP, then passing the IP (not the host) to stream_socket_client inside BbsTelnetCapture::capture. In practice, the SSH/telnet protocols on the other side often care about the hostname (for routing, SNI, rDNS), so passing a bare IP can break legitimate BBSes that rely on virtual hosting, load balancers, or hostname-based routing.
The proper fix is to:
host and resolved IP.curl --resolve does.That requires a custom resolver hook and protocol-specific handling that's out of scope for a pure-PHP drop-in.
In the meantime, this is admin-only (role ≥ 4), the isPublicHost check still catches static private/link-local addresses, and an attacker would need both a compromised admin account and a DNS rebinding server under their control. Re-opening would require the infrastructure work above.
Leaving this thread unlocked — not considered closed.
We noticed you are visiting from a mobile device. We are glad you are here, but know that 6502ish is best experienced on the desktop. Some features are not easily used via mobile and your experience may vary from the full experience via desktop.