Fix for a security issue, CVE-2007-3360. A malicious server could direct

the client into executing arbitrary code.
author: lkundrak <lkundrak> 2007-06-25 14:15:21 +0000
committer: lkundrak <lkundrak> 2007-06-25 14:15:21 +0000
commit: d88980632486f8e4c2982033dc69fa49dfbacbbf (patch)
tree: 4b6fba38e6a1a5c13c690c6642dab7174df34847 /chat/bitchx/patches
parent: 66017a5cb8078368aeae1a5feb8f1f9127633657 (diff)
download: pkgsrc-d88980632486f8e4c2982033dc69fa49dfbacbbf.tar.gz
1 files changed, 21 insertions, 0 deletions
diff --git a/chat/bitchx/patches/patch-ar b/chat/bitchx/patches/patch-ar
new file mode 100644
index 00000000000..c887b648bf0
--- /dev/null
+++ b/chat/bitchx/patches/patch-ar
@@ -0,0 +1,21 @@
+$NetBSD: patch-ar,v 1.1 2007/06/25 14:15:21 lkundrak Exp $
+
+This patch fixes CVE-2007-3360 flaw, where a malicious server could
+inject a hook possibly executiong malicious code and direct client
+into executing it by using bogus hook index.
+
+--- source/hook.c.orig	2007-06-25 15:41:37.000000000 +0200
++++ source/hook.c	2007-06-25 15:41:39.000000000 +0200
+@@ -837,6 +837,12 @@ int 	BX_do_hook (int which, char *format
+ #ifdef WANT_TCL
+ 	int		tcl_ret = 0;
+ #endif	
++
++	/* CVE-2007-3360 boundary check */
++	if (which >= sizeof(hook_functions)/sizeof(hook_functions[0])) {
++		return NO_ACTION_TAKEN;
++	}
++
+ 	/*
+ 	 * Figure out where the hooks are for the event type were asserting
+ 	 */
author	lkundrak <lkundrak>	2007-06-25 14:15:21 +0000
committer	lkundrak <lkundrak>	2007-06-25 14:15:21 +0000
commit	d88980632486f8e4c2982033dc69fa49dfbacbbf (patch)
tree	4b6fba38e6a1a5c13c690c6642dab7174df34847 /chat/bitchx/patches
parent	66017a5cb8078368aeae1a5feb8f1f9127633657 (diff)
download	pkgsrc-d88980632486f8e4c2982033dc69fa49dfbacbbf.tar.gz