diff options
Diffstat (limited to 'chat/bitchx/patches/patch-ag')
| -rw-r--r-- | chat/bitchx/patches/patch-ag | 72 |
1 files changed, 0 insertions, 72 deletions
diff --git a/chat/bitchx/patches/patch-ag b/chat/bitchx/patches/patch-ag deleted file mode 100644 index 77495e6d999..00000000000 --- a/chat/bitchx/patches/patch-ag +++ /dev/null @@ -1,72 +0,0 @@ -$NetBSD: patch-ag,v 1.1 2003/03/29 21:20:30 salo Exp $ - -Fixes potential remote buffer overflows. See the following url for more -details: http://securityfocus.com/archive/1/315057 - -Patch by caf@guarana.org. - ---- source/banlist.c.orig 2002-02-28 05:22:46.000000000 +0100 -+++ source/banlist.c 2003-03-29 21:30:20.000000000 +0100 -@@ -264,9 +264,9 @@ - char * ban_it(char *nick, char *user, char *host, char *ip) - { - static char banstr[BIG_BUFFER_SIZE/4+1]; --char *tmpstr = NULL; - char *t = user; - char *t1 = user; -+char *tmp; - - *banstr = 0; - while (strlen(t1)>9) -@@ -277,33 +277,40 @@ - case 7: - if (ip) - { -- sprintf(banstr, "*!*@%s", cluster(ip)); -+ snprintf(banstr, sizeof banstr, "*!*@%s", -+ cluster(ip)); - break; - } - case 2: /* Better */ -- sprintf(banstr, "*!*%s@%s", t1, cluster(host)); -+ snprintf(banstr, sizeof banstr, "*!*%s@%s", t1, -+ cluster(host)); - break; - case 3: /* Host */ -- sprintf(banstr, "*!*@%s", host); -+ snprintf(banstr, sizeof banstr, "*!*@%s", host); - break; - case 4: /* Domain */ -- sprintf(banstr, "*!*@*%s", strrchr(host, '.')); -+ tmp = strrchr(host, '.'); -+ if (tmp) -+ snprintf(banstr, sizeof banstr, "*!*@*%s", -+ tmp); -+ else -+ snprintf(banstr, sizeof banstr, "*!*@%s", -+ host); - break; - case 5: /* User */ -- sprintf(banstr, "*!%s@%s", t, cluster(host)); -+ snprintf(banstr, sizeof banstr, "*!%s@%s", t, -+ cluster(host)); - break; - case 6: /* Screw */ -- malloc_sprintf(&tmpstr, "*!*%s@%s", t1, host); -- strcpy(banstr, screw(tmpstr)); -- new_free(&tmpstr); -+ snprintf(banstr, sizeof banstr, "*!*%s@%s", t1, host); -+ screw(banstr); - break; - case 1: /* Normal */ - default: -- { -- sprintf(banstr, "%s!*%s@%s", nick, t1, host); -+ snprintf(banstr, sizeof banstr, "%s!*%s@%s", nick, t1, -+ host); - break; - } -- } - return banstr; - } - |