SOURCES: eggdrop-CVE-2007-2807.patch (NEW) - new, based on http://...
adamg
adamg at pld-linux.org
Sat Sep 15 10:28:53 CEST 2007
Author: adamg Date: Sat Sep 15 08:28:53 2007 GMT
Module: SOURCES Tag: HEAD
---- Log message:
- new, based on http://nion.modprobe.de/01_CVE-2007-2807_servmsg.patch
---- Files affected:
SOURCES:
eggdrop-CVE-2007-2807.patch (NONE -> 1.1) (NEW)
---- Diffs:
================================================================
Index: SOURCES/eggdrop-CVE-2007-2807.patch
diff -u /dev/null SOURCES/eggdrop-CVE-2007-2807.patch:1.1
--- /dev/null Sat Sep 15 10:28:53 2007
+++ SOURCES/eggdrop-CVE-2007-2807.patch Sat Sep 15 10:28:48 2007
@@ -0,0 +1,36 @@
+--- eggdrop/src~/mod/server.mod/servmsg.c 2007-08-12 16:39:34.000000000 +0200
++++ eggdrop/src/mod/server.mod/servmsg.c 2007-08-12 16:39:52.000000000 +0200
+@@ -461,7 +461,8 @@
+ to = newsplit(&msg);
+ fixcolon(msg);
+ /* Only check if flood-ctcp is active */
+- strcpy(uhost, from);
++ strncpy(uhost, from, sizeof(buf));
++ buf[sizeof(buf) - 1] = '\0';
+ nick = splitnick(&uhost);
+ if (flud_ctcp_thr && detect_avalanche(msg)) {
+ if (!ignoring) {
+@@ -471,7 +472,7 @@
+ p++;
+ else
+ p = uhost;
+- simple_sprintf(ctcpbuf, "*!*@%s", p);
++ snprintf(ctcpbuf, sizeof(ctcpbuf), "*!*@%s", p);
+ addignore(ctcpbuf, botnetnick, "ctcp avalanche",
+ now + (60 * ignore_time));
+ }
+@@ -486,8 +487,12 @@
+ p++;
+ if (*p == 1) {
+ *p = 0;
+- ctcp = strcpy(ctcpbuf, p1);
+- strcpy(p1 - 1, p + 1);
++ ctcp = strncpy(ctcpbuf, p1, sizeof(ctcpbuf));
++ ctcpbuf[sizeof(ctcpbuf) - 1] = '\0';
++ /* copy the part after the second : in front of it after
++ * the first :, this is temporary copied to ctcpbuf */
++ strncpy(p1 - 1, p + 1, strlen(ctcpbuf) - 1);
++
+ if (!ignoring)
+ detect_flood(nick, uhost, from,
+ strncmp(ctcp, "ACTION ", 7) ? FLOOD_CTCP : FLOOD_PRIVMSG);
================================================================
More information about the pld-cvs-commit
mailing list