author | tonnerre <tonnerre@pkgsrc.org> | 2008-07-06 05:16:50 +0000 |
---|---|---|
committer | tonnerre <tonnerre@pkgsrc.org> | 2008-07-06 05:16:50 +0000 |
commit | efc5b753309f3cc20336184c6cd5d3fb10c53a3c (patch) | |
tree | 0e574ee59a2ed46f9a715918b10b1ee768dc1a43 /chat/bitchx/patches/patch-ah | |
parent | 9f491f3153e47d5abb26271a6a9b06501396836a (diff) | |
Add patches for two longstanding security issues in bitchx:
- CVE-2007-5839: e_hostname uses mktempnam in an unsafe manner.
- CVE-2007-4584: p_mode classic buffer overflow using a static string.
Diffstat (limited to 'chat/bitchx/patches/patch-ah')
-rw-r--r-- | chat/bitchx/patches/patch-ah | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/chat/bitchx/patches/patch-ah b/chat/bitchx/patches/patch-ah
new file mode 100644
index 00000000000..0ccc33901ab
--- /dev/null
+++ b/chat/bitchx/patches/patch-ah
@@ -0,0 +1,59 @@
+$NetBSD: patch-ah,v 1.3 2008/07/06 05:16:50 tonnerre Exp $
+
+--- source/commands.c.orig 2003-06-11 09:00:41.000000000 +0200
++++ source/commands.c
+@@ -2617,7 +2617,6 @@ BUILT_IN_COMMAND(e_hostname)
+ #if !defined(__linux__) && !defined(BSD) && !defined(__EMX__)
+ bitchsay("Local Host Name is [%s]", (LocalHostName)? LocalHostName: hostname);
+ #elif defined(old_hostname)
+- char filename[81];
+ char comm[200];
+ FILE *fptr;
+ char *p = NULL, *q;
+@@ -2632,34 +2631,29 @@ BUILT_IN_COMMAND(e_hostname)
+ #endif
+ #endif
+
+- tmpnam(filename);
+ #if defined(_BSDI_VERSION) && _BSDI_VERSION < 199701
+ if (!(p = path_search("netstat", "/sbin:/usr/sbin:/bin:/usr/bin")))
+ {
+ yell("No Netstat to be found");
+ return;
+ }
+- sprintf(comm, "%s -in >%s", p, filename);
++ sprintf(comm, "%s -in", p);
+ #elif defined(__EMX__)
+- sprintf(comm, "netstat -a > %s", filename);
++ sprintf(comm, "netstat -a");
+ #else
+ if (!(p = path_search("ifconfig", "/sbin:/usr/sbin:/bin:/usr/bin")))
+ {
+ yell("Can't find ifconfig");
+ return;
+ }
+- sprintf(comm, "%s -a >%s", p, filename);
++ sprintf(comm, "%s -a", p);
+ #endif
+- system(comm);
+
+ #ifdef __EMXPM__
+ pm_seticon(last_input_screen);
+ #endif
+- if ((fptr = fopen(filename, "r")) == NULL)
+- {
+- unlink(filename);
++ if ((fptr = popen(comm, "r")) == NULL)
+ return;
+- }
+ #if defined(_BSDI_VERSION) && _BSDI_VERSION < 199701
+ fgets(comm, 200, fptr);
+ fgets(comm, 200, fptr);
+@@ -2777,7 +2771,6 @@ BUILT_IN_COMMAND(e_hostname)
+ }
+ }
+ fclose(fptr);
+- unlink(filename);
+ for (new = virtuals, i = 1; virtuals; i++)
+ {
+ new = virtuals;
|
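Review bot: The second inner hunk changes `fptr` from `fopen(filename, "r")` to `popen(comm, "r")`, but the `fclose(fptr);` kept as context in the third inner hunk (commands.c around line 2775) is not updated; a stream returned by `popen` has to be closed with `pclose(fptr);`, otherwise the spawned `ifconfig`/`netstat` child is presumably never reaped and closing it with `fclose` is not well-defined. The rewritten `sprintf(comm, "%s -a", p)` and `sprintf(comm, "%s -in", p)` lines are still unbounded writes into the 200-byte `comm`; `snprintf(comm, sizeof comm, "%s -a", p)` (and the `-in` variant) would bound them even though `p` comes from a fixed `path_search` list, and `comm` is reused unchanged by the later `fgets(comm, 200, fptr)`. Note that `popen` still hands `comm` to the shell, so keeping `p` restricted to the hard-coded search path is what makes this acceptable. The body of `e_hostname` starts before the first inner hunk and continues past the last one.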