From b62cf7cb516dd21378b978e1e2880fb799a3b20e Mon Sep 17 00:00:00 2001 From: tonnerre Date: Sun, 6 Jul 2008 05:16:50 +0000 Subject: Add patches for two longstanding security issues in bitchx: - CVE-2007-5839: e_hostname uses mktempnam in an unsafe manner. - CVE-2007-4584: p_mode classic buffer overflow using a static string. --- chat/bitchx/Makefile | 4 +-- chat/bitchx/distinfo | 4 ++- chat/bitchx/patches/patch-ag | 40 ++++++++++++++++++++++++++++++ chat/bitchx/patches/patch-ah | 59 ++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 104 insertions(+), 3 deletions(-) create mode 100644 chat/bitchx/patches/patch-ag create mode 100644 chat/bitchx/patches/patch-ah (limited to 'chat/bitchx')
diff --git a/chat/bitchx/Makefile b/chat/bitchx/Makefile
index 9346a77a468..0f4ff7e7411 100644
--- a/chat/bitchx/Makefile
+++ b/chat/bitchx/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.43 2008/01/18 05:06:22 tnn Exp $
+# $NetBSD: Makefile,v 1.44 2008/07/06 05:16:50 tonnerre Exp $
 DISTNAME= ircii-pana-1.1-final
 PKGNAME= bitchx-1.1
-PKGREVISION= 2
+PKGREVISION= 3
 CATEGORIES= chat
 MASTER_SITES= http://www.bitchx.org/files/source/ \
 ftp://ftp.bitchx.org/pub/BitchX/source/ \
diff --git a/chat/bitchx/distinfo b/chat/bitchx/distinfo
index b706a932b3c..e9f3f3a3649 100644
--- a/chat/bitchx/distinfo
+++ b/chat/bitchx/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.16 2007/06/25 14:15:21 lkundrak Exp $
+$NetBSD: distinfo,v 1.17 2008/07/06 05:16:50 tonnerre Exp $
 SHA1 (ircii-pana-1.1-final.tar.gz) = b25635b62c7ff905b6492a4aaa88c43b5aa164f8
 RMD160 (ircii-pana-1.1-final.tar.gz) = 4105de2587964146e2391a26a8a16e3d0059a93f
@@ -9,6 +9,8 @@ SHA1 (patch-ac) = ba59735707ca8758d62e78b7756330aa933f2de7
 SHA1 (patch-ad) = ba00fb80b1b980a32b70d84e4ca4db91e9fd5538
 SHA1 (patch-ae) = 90c7e0a19c81e710392c675be650c57e64ee65b3
 SHA1 (patch-af) = c79fcbcc57b8234d5918b1414219965b75e3c0d1
+SHA1 (patch-ag) = fc0b31a959a5799122178a255006ee67521fb49a
+SHA1 (patch-ah) = e3e8334298ba06e7980309a6b2e9b624e1fbd398
 SHA1 (patch-an) = 59a6dc31a90b88bbffac5bb4629feaa2488afeff
 SHA1 (patch-ao) = ce6d8d68f39c54e5f174d294b0a72432b95fe89b
 SHA1 (patch-ap) = 7cc6162de323bf07e52cbad7d4b4b54ac01d105e
diff --git a/chat/bitchx/patches/patch-ag b/chat/bitchx/patches/patch-ag
new file mode 100644
index 00000000000..db447e09726
--- /dev/null
+++ b/chat/bitchx/patches/patch-ag
@@ -0,0 +1,40 @@
+$NetBSD: patch-ag,v 1.3 2008/07/06 05:16:50 tonnerre Exp $
+
+--- source/parse.c.orig 2008-07-06 06:24:53.000000000 +0200
++++ source/parse.c
+@@ -1413,10 +1413,11 @@ static void p_mode(char *from, char **Ar
+ char *channel;
+ char *line;
+ int flag;
++ size_t linelen;
+
+ ChannelList *chan = NULL;
+ ChannelList *chan2 = get_server_channels(from_server);
+- char buffer[BIG_BUFFER_SIZE+1];
++ char *buffer;
+ char *smode;
+ #ifdef COMPRESS_MODES
+ char *tmpbuf = NULL;
+@@ -1432,7 +1433,13 @@ static void p_mode(char *from, char **Ar
+ set_display_target(channel, LOG_CRAP);
+ if (channel && line)
+ {
+- strcpy(buffer, line);
++ buffer = malloc(linelen = strlen(line));
++ if (!buffer)
++ {
++ perror("malloc");
++ return;
++ }
++ strncpy(buffer, line, linelen);
+ if (get_int_var(MODE_STRIPPER_VAR))
+ strip_modes(from,channel,line);
+ if (is_channel(channel))
+@@ -1486,6 +1493,7 @@ static void p_mode(char *from, char **Ar
+ do_logchannel(LOG_MODE_USER, chan, "%s %s %s", from, channel, line);
+ }
+ update_all_status(current_window, NULL, 0);
++ free(buffer);
+ }
+ #ifdef GUI
+ gui_update_nicklist(channel);
diff --git a/chat/bitchx/patches/patch-ah b/chat/bitchx/patches/patch-ah
new file mode 100644
index 00000000000..0ccc33901ab
--- /dev/null
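Review bot: In patch-ag's second inner hunk (source/parse.c, around line 1433), `buffer = malloc(linelen = strlen(line))` reserves no byte for the terminator and `strncpy(buffer, line, linelen)` copies exactly `linelen` bytes, so `buffer` is never NUL-terminated. Any later use of `buffer` as a C string (those uses lie between the hunks and are not visible here) would read past the end of the heap allocation, so the stack overflow of CVE-2007-4584 is exchanged for a heap over-read. Allocating and copying the terminator closes that: `buffer = malloc((linelen = strlen(line)) + 1);` followed by `memcpy(buffer, line, linelen + 1);`. The single `free(buffer)` added in the last inner hunk covers only the fall-through path, so any early `return` inside the `if (channel && line)` block, which continues outside the hunks, should be checked for a leak.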
+++ b/chat/bitchx/patches/patch-ah
@@ -0,0 +1,59 @@
+$NetBSD: patch-ah,v 1.3 2008/07/06 05:16:50 tonnerre Exp $
+
+--- source/commands.c.orig 2003-06-11 09:00:41.000000000 +0200
++++ source/commands.c
+@@ -2617,7 +2617,6 @@ BUILT_IN_COMMAND(e_hostname)
+ #if !defined(__linux__) && !defined(BSD) && !defined(__EMX__)
+ bitchsay("Local Host Name is [%s]", (LocalHostName)? LocalHostName: hostname);
+ #elif defined(old_hostname)
+- char filename[81];
+ char comm[200];
+ FILE *fptr;
+ char *p = NULL, *q;
+@@ -2632,34 +2631,29 @@ BUILT_IN_COMMAND(e_hostname)
+ #endif
+ #endif
+
+- tmpnam(filename);
+ #if defined(_BSDI_VERSION) && _BSDI_VERSION < 199701
+ if (!(p = path_search("netstat", "/sbin:/usr/sbin:/bin:/usr/bin")))
+ {
+ yell("No Netstat to be found");
+ return;
+ }
+- sprintf(comm, "%s -in >%s", p, filename);
++ sprintf(comm, "%s -in", p);
+ #elif defined(__EMX__)
+- sprintf(comm, "netstat -a > %s", filename);
++ sprintf(comm, "netstat -a");
+ #else
+ if (!(p = path_search("ifconfig", "/sbin:/usr/sbin:/bin:/usr/bin")))
+ {
+ yell("Can't find ifconfig");
+ return;
+ }
+- sprintf(comm, "%s -a >%s", p, filename);
++ sprintf(comm, "%s -a", p);
+ #endif
+- system(comm);
+
+ #ifdef __EMXPM__
+ pm_seticon(last_input_screen);
+ #endif
+- if ((fptr = fopen(filename, "r")) == NULL)
+- {
+- unlink(filename);
++ if ((fptr = popen(comm, "r")) == NULL)
+ return;
+- }
+ #if defined(_BSDI_VERSION) && _BSDI_VERSION < 199701
+ fgets(comm, 200, fptr);
+ fgets(comm, 200, fptr);
+@@ -2777,7 +2771,6 @@ BUILT_IN_COMMAND(e_hostname)
+ }
+ }
+ fclose(fptr);
+- unlink(filename);
+ for (new = virtuals, i = 1; virtuals; i++)
+ {
+ new = virtuals;
-- cgit v1.2.3
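Review bot: The pipe opened by the new `popen(comm, "r")` is still closed with `fclose(fptr);`, which patch-ah's last inner hunk (source/commands.c, around line 2771) keeps as a context line. POSIX requires a stream from popen() to be closed with pclose(), which also waits for the child, so as written the `ifconfig`/`netstat` process is never reaped; the line should become `pclose(fptr);`. Any return path between the `popen` and that close lies outside the hunks shown and would need the same call. Separately, `sprintf(comm, "%s -a", p)` and `sprintf(comm, "%s -in", p)` still write a `path_search` result into `char comm[200]` without a bound, and `snprintf(comm, sizeof comm, "%s -a", p)` would make the limit explicit.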