diff options
author | lkundrak <lkundrak> | 2007-05-22 16:47:04 +0000 |
---|---|---|
committer | lkundrak <lkundrak> | 2007-05-22 16:47:04 +0000 |
commit | 7a390265b23ded136ff8c9a0d56b8241f41b6574 (patch) | |
tree | 9f9401e5e5aad16a96c671ffaa018aae43ce039e /chat/eggdrop/patches | |
parent | 856c3e327c269e9620e96d53fe182bbdba93abb9 (diff) | |
download | pkgsrc-7a390265b23ded136ff8c9a0d56b8241f41b6574.tar.gz |
Fix for the following:
eggdrop<=1.6.18 arbitrary-code-execution http://www.eggheads.org/bugzilla/show_bug.cgi?id=462
Diffstat (limited to 'chat/eggdrop/patches')
-rw-r--r-- | chat/eggdrop/patches/patch-al | 16 | ||||
-rw-r--r-- | chat/eggdrop/patches/patch-am | 16 |
2 files changed, 32 insertions, 0 deletions
diff --git a/chat/eggdrop/patches/patch-al b/chat/eggdrop/patches/patch-al new file mode 100644 index 00000000000..8cb99dc681a --- /dev/null +++ b/chat/eggdrop/patches/patch-al @@ -0,0 +1,16 @@ +$NetBSD: patch-al,v 1.1 2007/05/22 16:47:04 lkundrak Exp $ + +Fix for http://www.eggheads.org/bugzilla/show_bug.cgi?id=462 + +--- src/mod/irc.mod/chan.c.orig 2007-05-22 18:29:41.000000000 +0200 ++++ src/mod/irc.mod/chan.c +@@ -2204,7 +2204,8 @@ static int gotmsg(char *from, char *msg) + if (!chan) + return 0; /* Private msg to an unknown channel?? */ + fixcolon(msg); +- strcpy(uhost, from); ++ strncpy(uhost, from, UHOSTMAX); ++ uhost[UHOSTMAX] = '\0'; + nick = splitnick(&uhost); + /* Only check if flood-ctcp is active */ + if (flud_ctcp_thr && detect_avalanche(msg)) { diff --git a/chat/eggdrop/patches/patch-am b/chat/eggdrop/patches/patch-am new file mode 100644 index 00000000000..49be3600763 --- /dev/null +++ b/chat/eggdrop/patches/patch-am @@ -0,0 +1,16 @@ +$NetBSD: patch-am,v 1.1 2007/05/22 16:47:05 lkundrak Exp $ + +Fix for http://www.eggheads.org/bugzilla/show_bug.cgi?id=462 + +--- src/mod/server.mod/servmsg.c.orig 2007-05-22 18:29:49.000000000 +0200 ++++ src/mod/server.mod/servmsg.c +@@ -424,7 +424,8 @@ static int gotmsg(char *from, char *msg) + to = newsplit(&msg); + fixcolon(msg); + /* Only check if flood-ctcp is active */ +- strcpy(uhost, from); ++ strncpy(uhost, from, UHOSTMAX); ++ uhost[UHOSTMAX] = '\0'; + nick = splitnick(&uhost); + if (flud_ctcp_thr && detect_avalanche(msg)) { + if (!ignoring) { |