pkgsrc/chat/bitchx/patches/patch-aj

$NetBSD: patch-aj,v 1.2 2003/05/14 20:09:13 salo Exp $

Fixes potential remote buffer overflows.  See the following url for more
details:  http://securityfocus.com/archive/1/315057

Patch by caf@guarana.org.

Fix major core bug with channel mode -k * on hybrid7 servers.
From BitchX CVS.

--- source/names.c.orig	2002-03-25 21:47:30.000000000 +0100
+++ source/names.c	2003-05-14 21:51:01.000000000 +0200
@@ -572,7 +572,7 @@
 
    	*nmodes = 0;
    	*nargs = 0;
-	for (; *modes; modes++) 
+	for (; *modes && (strlen(nmodes) + 2) < sizeof nmodes; modes++)
 	{
 		isbanned = isopped = isvoiced = 0;
 		switch (*modes) 
@@ -742,7 +742,7 @@
 
    /* modes which can be done multiple times are added here */
 
-	for (tucm = ucm; tucm; tucm = tucm->next) 
+	for (tucm = ucm; tucm && (strlen(nmodes) + 2) < sizeof nmodes; tucm = tucm->next)
 	{
 		if (tucm->o_ed) 
 		{
@@ -1003,8 +1003,9 @@
 				malloc_strcpy(key, next_arg(rest, &rest));
 			else
 			{
-				if (rest && *key && !my_strnicmp(rest, *key, strlen(*key)))
+				if (rest && *key && (!my_strnicmp(rest, *key, strlen(*key)) || rest[0] == '*'))
 					next_arg(rest, &rest);
+
 				new_free(key);
 			}
 			(*channel)->i_mode = -1;