4983b17fc3
- Fix major core bug with channel mode -k * on hybrid7 servers. For more information see: http://www.securityfocus.com/archive/1/321093 Patch from BitchX CVS.
41 lines
1.2 KiB
Text
41 lines
1.2 KiB
Text
$NetBSD: patch-aj,v 1.2 2003/05/14 20:09:13 salo Exp $
|
|
|
|
Fixes potential remote buffer overflows. See the following url for more
|
|
details: http://securityfocus.com/archive/1/315057
|
|
|
|
Patch by caf@guarana.org.
|
|
|
|
Fix major core bug with channel mode -k * on hybrid7 servers.
|
|
From BitchX CVS.
|
|
|
|
--- source/names.c.orig 2002-03-25 21:47:30.000000000 +0100
|
|
+++ source/names.c 2003-05-14 21:51:01.000000000 +0200
|
|
@@ -572,7 +572,7 @@
|
|
|
|
*nmodes = 0;
|
|
*nargs = 0;
|
|
- for (; *modes; modes++)
|
|
+ for (; *modes && (strlen(nmodes) + 2) < sizeof nmodes; modes++)
|
|
{
|
|
isbanned = isopped = isvoiced = 0;
|
|
switch (*modes)
|
|
@@ -742,7 +742,7 @@
|
|
|
|
/* modes which can be done multiple times are added here */
|
|
|
|
- for (tucm = ucm; tucm; tucm = tucm->next)
|
|
+ for (tucm = ucm; tucm && (strlen(nmodes) + 2) < sizeof nmodes; tucm = tucm->next)
|
|
{
|
|
if (tucm->o_ed)
|
|
{
|
|
@@ -1003,8 +1003,9 @@
|
|
malloc_strcpy(key, next_arg(rest, &rest));
|
|
else
|
|
{
|
|
- if (rest && *key && !my_strnicmp(rest, *key, strlen(*key)))
|
|
+ if (rest && *key && (!my_strnicmp(rest, *key, strlen(*key)) || rest[0] == '*'))
|
|
next_arg(rest, &rest);
|
|
+
|
|
new_free(key);
|
|
}
|
|
(*channel)->i_mode = -1;
|