diff options
Diffstat (limited to 'chat/bitchx/patches/patch-ar')
| -rw-r--r-- | chat/bitchx/patches/patch-ar | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/chat/bitchx/patches/patch-ar b/chat/bitchx/patches/patch-ar new file mode 100644 index 00000000000..c887b648bf0 --- /dev/null +++ b/chat/bitchx/patches/patch-ar @@ -0,0 +1,21 @@ +$NetBSD: patch-ar,v 1.1 2007/06/25 14:15:21 lkundrak Exp $ + +This patch fixes CVE-2007-3360 flaw, where a malicious server could +inject a hook possibly executiong malicious code and direct client +into executing it by using bogus hook index. + +--- source/hook.c.orig 2007-06-25 15:41:37.000000000 +0200 ++++ source/hook.c 2007-06-25 15:41:39.000000000 +0200 +@@ -837,6 +837,12 @@ int BX_do_hook (int which, char *format + #ifdef WANT_TCL + int tcl_ret = 0; + #endif ++ ++ /* CVE-2007-3360 boundary check */ ++ if (which >= sizeof(hook_functions)/sizeof(hook_functions[0])) { ++ return NO_ACTION_TAKEN; ++ } ++ + /* + * Figure out where the hooks are for the event type were asserting + */ |