1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
|
$NetBSD: patch-aj,v 1.2 2003/05/14 20:09:13 salo Exp $
Fixes potential remote buffer overflows. See the following url for more
details: http://securityfocus.com/archive/1/315057
Patch by caf@guarana.org.
Fix major core bug with channel mode -k * on hybrid7 servers.
From BitchX CVS.
--- source/names.c.orig 2002-03-25 21:47:30.000000000 +0100
+++ source/names.c 2003-05-14 21:51:01.000000000 +0200
@@ -572,7 +572,7 @@
*nmodes = 0;
*nargs = 0;
- for (; *modes; modes++)
+ for (; *modes && (strlen(nmodes) + 2) < sizeof nmodes; modes++)
{
isbanned = isopped = isvoiced = 0;
switch (*modes)
@@ -742,7 +742,7 @@
/* modes which can be done multiple times are added here */
- for (tucm = ucm; tucm; tucm = tucm->next)
+ for (tucm = ucm; tucm && (strlen(nmodes) + 2) < sizeof nmodes; tucm = tucm->next)
{
if (tucm->o_ed)
{
@@ -1003,8 +1003,9 @@
malloc_strcpy(key, next_arg(rest, &rest));
else
{
- if (rest && *key && !my_strnicmp(rest, *key, strlen(*key)))
+ if (rest && *key && (!my_strnicmp(rest, *key, strlen(*key)) || rest[0] == '*'))
next_arg(rest, &rest);
+
new_free(key);
}
(*channel)->i_mode = -1;
|