$NetBSD: patch-ag,v 1.1 2003/03/29 21:20:30 salo Exp $

Fixes potential remote buffer overflows.  See the following url for more
details:  http://securityfocus.com/archive/1/315057

Patch by caf@guarana.org.

--- source/banlist.c.orig	2002-02-28 05:22:46.000000000 +0100
+++ source/banlist.c	2003-03-29 21:30:20.000000000 +0100
@@ -264,9 +264,9 @@
 char * ban_it(char *nick, char *user, char *host, char *ip)
 {
 static char banstr[BIG_BUFFER_SIZE/4+1];
-char *tmpstr = NULL;
 char *t = user;
 char *t1 = user;
+char *tmp;
 	
 	*banstr = 0;
 	while (strlen(t1)>9)
@@ -277,33 +277,40 @@
 		case 7:
 			if (ip)
 			{
-				sprintf(banstr, "*!*@%s", cluster(ip));
+				snprintf(banstr, sizeof banstr, "*!*@%s",
+					cluster(ip));
 				break;
 			}
 		case 2: /* Better 	*/
-			sprintf(banstr, "*!*%s@%s", t1, cluster(host));
+			snprintf(banstr, sizeof banstr, "*!*%s@%s", t1,
+				cluster(host));
 			break;
 		case 3: /* Host 	*/
-			sprintf(banstr, "*!*@%s", host);
+			snprintf(banstr, sizeof banstr, "*!*@%s", host);
 			break;
 		case 4: /* Domain	*/
-			sprintf(banstr, "*!*@*%s", strrchr(host, '.'));
+			tmp = strrchr(host, '.');
+			if (tmp)
+				snprintf(banstr, sizeof banstr, "*!*@*%s",
+					tmp);
+			else
+				snprintf(banstr, sizeof banstr, "*!*@%s", 
+					host);
 			break;
 		case 5: /* User		*/
-			sprintf(banstr, "*!%s@%s", t, cluster(host));
+			snprintf(banstr, sizeof banstr, "*!%s@%s", t,
+				cluster(host));
 			break;
 		case 6: /* Screw 	*/
-			malloc_sprintf(&tmpstr, "*!*%s@%s", t1, host);
-			strcpy(banstr, screw(tmpstr));
-			new_free(&tmpstr);
+			snprintf(banstr, sizeof banstr, "*!*%s@%s", t1, host);
+			screw(banstr);
 			break;
 		case 1:	/* Normal 	*/
 		default:
-		{
-			sprintf(banstr, "%s!*%s@%s", nick, t1, host);
+			snprintf(banstr, sizeof banstr, "%s!*%s@%s", nick, t1,
+				host);
 			break;
 		}
-	}
 	return banstr;
 }