egghelp/eggheads community Discussion of eggdrop bots, shell accounts and tcl scripts. 2009-04-28T11:43:45-04:00 https://forum.eggheads.org/app.php/feed/topic/16827 2009-04-28T11:43:45-04:00 2009-04-28T11:43:45-04:00 https://forum.eggheads.org/viewtopic.php?p=88605#p88605 <![CDATA[Calculation Tcl]]> My example is slightly flawed, as it did not contain a digit, but do try "!attack foo 0[die]".

In this case, our regexp checks the value of strength (0[die]) against the pattern [0-9]. Since there is atleast one digit in there, there will be a match, and accepted.
Next, we preprocess this line:

Code: 

set newstrength [expr $strength * 2]#Command substitution:expr $strength * 2#Variable substitutionexpr {0[die]} * 2
Unfortunately, expr will do it's own set of command and variable substitutions:

Code: 

expr {0[die]} * 2 => "0[die] * 2"#command substitutiondie#Oops, our bot died
There is no option to tell expr not to do variable substitutions, but just as with eval, you can use proper list structures (if you are careful) to prevent remote code injection. Hence, it is very very important to make sure whatever you pass to expr is safe.
If you'll check one of my earlier posts, you'll find a replacement regexp with proper regular expression. It makes use of the special tokens ^ (start of line) and $ (end of line), and inbetween these, one or more digits.


Next, not a major security issue, but it's bad coding, and will break on more complex input. Don't use lindex, lrange, etc on strings. They're supposed to be used on list, and nothing else. If you need to convert a string into a list, there's the split command.

Code: 

proc attack {nick uhost handle chan text} { set arg [split $text] set user [lindex $arg 0] set strength [lindex $arg 1]

Statistics: Posted by nml375 — Tue Apr 28, 2009 11:43 am

]]> 2009-04-28T00:40:45-04:00 2009-04-28T00:40:45-04:00 https://forum.eggheads.org/viewtopic.php?p=88602#p88602 <![CDATA[Calculation Tcl]]>

Statistics: Posted by raider2k — Tue Apr 28, 2009 12:40 am

]]> 2009-04-27T12:31:00-04:00 2009-04-27T12:31:00-04:00 https://forum.eggheads.org/viewtopic.php?p=88599#p88599 <![CDATA[Calculation Tcl]]>
Regarding my post, try "!attack foo [die]", and you'll see what I'm saying...

Regarding Timy's post, this sounds like a side-effect of the issue in my post. Most likely, some kind of garbage makes it through, causing expr to bark...

In any case, whenever you are passing data from an untrusted source to expr, extreme care must be taken to validate the data. Sloppy coding could very well result in a remote execution exploit.

Statistics: Posted by nml375 — Mon Apr 27, 2009 12:31 pm

]]> 2009-04-27T00:11:21-04:00 2009-04-27T00:11:21-04:00 https://forum.eggheads.org/viewtopic.php?p=88591#p88591 <![CDATA[Calculation Tcl]]> Statistics: Posted by raider2k — Mon Apr 27, 2009 12:11 am

]]> 2009-04-25T11:28:33-04:00 2009-04-25T11:28:33-04:00 https://forum.eggheads.org/viewtopic.php?p=88570#p88570 <![CDATA[Calculation Tcl]]>
since i dont know what defense and spy exactly are going to do, heres the half-done code containing fully working attack code.

if i got something wrong please tell me about it and i will try to fix it asap ;)

Code: 

bind pub - !attack attackbind pub - !defense defendbind pub - !spy spyproc attack { nick uhost handle chan text } {set user [lindex $text 0]set strength [lindex $text 1]### MAKES SURE THAT BOTH USERNAME AND STRENGTH GET FILLEDif { [string equal $strength ""] } {putserv "PRIVMSG $chan :syntax: !attack \$username \$strength-to-attack-with"return 0}if { ![regexp -all -nocase -- {[0-9]} $strength] } {### MAKES SURE THAT STRENGTH IS NUMERIC CHARS ONLYputserv "PRIVMSG $chan :please supply numerical characters only"return 0}### CALCULATION OF STRENGTH * 2 BELOWset newstrength [expr $strength * 2]### OUTPUT TO CHANNEL WHAT HAS HAPPENED BELOWputserv "PRIVMSG $chan :$nick attacks $user with $newstrength hitpoints"}proc defend { nick uhost handle chan text } {#### CODE HERE}proc spy { nick uhost handle chan text } {#### CODE HERE}
not tested, but should work though ;)
that wok with me vry fine, but i have on poblem.

but when i change number to multiply with from 2 to 3500, it work with ight out put whn i ntr number less than 6 digits, but when i nter number more than 6 digits it will give me wrong out put, but when i make it as 3000 instead of 3500 its wok normal evn if input moe than 6 digits, so what i need to change to let it work ?

Statistics: Posted by Timy — Sat Apr 25, 2009 11:28 am

]]> 2009-04-21T15:45:21-04:00 2009-04-21T15:45:21-04:00 https://forum.eggheads.org/viewtopic.php?p=88527#p88527 <![CDATA[Calculation Tcl]]>
Also, your regular expression is flawed, as it will let non-digit characters pass through..
A proper regular expression would look like this:

Code: 

set strength [lindex [split $text] 1]if {![regexp -- {^[[:digit:]]+$} $strength} {...

Statistics: Posted by nml375 — Tue Apr 21, 2009 3:45 pm

]]> 2009-04-21T13:23:36-04:00 2009-04-21T13:23:36-04:00 https://forum.eggheads.org/viewtopic.php?p=88526#p88526 <![CDATA[Calculation Tcl]]>
if i got something wrong please tell me about it and i will try to fix it asap ;)

Code: 

bind pub - !attack attackbind pub - !defense defendbind pub - !spy spyproc attack { nick uhost handle chan text } {set user [lindex $text 0]set strength [lindex $text 1]### MAKES SURE THAT BOTH USERNAME AND STRENGTH GET FILLEDif { [string equal $strength ""] } {putserv "PRIVMSG $chan :syntax: !attack \$username \$strength-to-attack-with"return 0}if { ![regexp -all -nocase -- {[0-9]} $strength] } {### MAKES SURE THAT STRENGTH IS NUMERIC CHARS ONLYputserv "PRIVMSG $chan :please supply numerical characters only"return 0}### CALCULATION OF STRENGTH * 2 BELOWset newstrength [expr $strength * 2]### OUTPUT TO CHANNEL WHAT HAS HAPPENED BELOWputserv "PRIVMSG $chan :$nick attacks $user with $newstrength hitpoints"}proc defend { nick uhost handle chan text } {#### CODE HERE}proc spy { nick uhost handle chan text } {#### CODE HERE}
not tested, but should work though ;)

Statistics: Posted by raider2k — Tue Apr 21, 2009 1:23 pm

]]> 2009-04-21T09:19:53-04:00 2009-04-21T09:19:53-04:00 https://forum.eggheads.org/viewtopic.php?p=88524#p88524 <![CDATA[Calculation Tcl]]>
Need support to have Tcl as follow :

to define those strength as follow

Attack = input number * 2
Defense = input number * 3
Spy = input number * 4

so when user make on main input as : Attack 200
so i need out to be as follow : username 400

so automatice it will multiply the input number which is related for Attack mean it need to multiply by 2 and give the answer to user.

so please need such tsl, for who can help me about it

Statistics: Posted by Timy — Tue Apr 21, 2009 9:19 am

]]>