Your message dated Mon, 02 Jul 2012 15:47:47 +0000
with message-id <[email protected]>
and subject line Bug#452029: fixed in tinyirc 1:1.1.dfsg.1-2
has caused the Debian Bug report #452029,
regarding multiple possible null pointer references
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
452029: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=452029
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: tinyirc
Version: 1:1.1.dfsg.1-1
Severity: normal
Tags: security

During source code reading of tinyirc I stumbled over a 
problem:
tinyirc has many functions like:
 372 static int dotopic()
 373 {
 374     printf("*** %s set %s topic to \"%s\"", TOK[0], TOK[2],
 375     TOK[3]);
 376     return 0;
 377 }

The problem here is that it never checks if TOK[3] for example is != NULL.
It just assumes it is there depending on the command it got by the server.
If the server has a bug or this is a malicious server the client would crash.
Its most obvious in the donumeric function:
 378 int donumeric(num)
 379 int num;
 380 {
 381     switch (num) {
 382     case 352:
 383     column = printf("%-14s %-10s %-3s %s@%s :", TOK[3], TOK[7],
 384     TOK[8], TOK[4], TOK[5]);
 385     return 9;
 386     case 311:

If you for example send ":foo 352 baz" as server this code will result in a
segmentation fault.
Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - [email protected] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: pgp0d6dGcT265.pgp
Description: PGP signature


--- End Message ---
--- Begin Message ---
Source: tinyirc
Source-Version: 1:1.1.dfsg.1-2

We believe that the bug you reported is fixed in the latest version of
tinyirc, which is due to be installed in the Debian FTP archive:

tinyirc_1.1.dfsg.1-2.debian.tar.gz
  to main/t/tinyirc/tinyirc_1.1.dfsg.1-2.debian.tar.gz
tinyirc_1.1.dfsg.1-2.dsc
  to main/t/tinyirc/tinyirc_1.1.dfsg.1-2.dsc
tinyirc_1.1.dfsg.1-2_amd64.deb
  to main/t/tinyirc/tinyirc_1.1.dfsg.1-2_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bernhard R. Link <[email protected]> (supplier of updated tinyirc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 02 Jul 2012 16:52:42 +0200
Source: tinyirc
Binary: tinyirc
Architecture: source amd64
Version: 1:1.1.dfsg.1-2
Distribution: unstable
Urgency: low
Maintainer: Debian QA Group <[email protected]>
Changed-By: Bernhard R. Link <[email protected]>
Description: 
 tinyirc    - a tiny IRC client
Closes: 441441 452029
Changes: 
 tinyirc (1:1.1.dfsg.1-2) unstable; urgency=low
 .
   * QA upload
   * set maintainer to Debian QA Group
   * split monolithic .diff into patches to make them more readable
   * record new upstream address and add homepage field (Closes: 441441)
   * use dpkg-buildflags (with hardening=+all)
   * fix NULL dereferences (Closes: 452029)
   * add build-arch and build-indep targets
   * add missing prerequisite of install target
   * update to new menu policy
Checksums-Sha1: 
 224c50a2dc0f5e29e1c5f456ab21574eb113474c 1711 tinyirc_1.1.dfsg.1-2.dsc
 82d9c71eb7f88bef01d7dc1de514540b7ecd0522 8289 
tinyirc_1.1.dfsg.1-2.debian.tar.gz
 57b04121ac79aeb69a1f63531f7a1e5d74cb506e 32340 tinyirc_1.1.dfsg.1-2_amd64.deb
Checksums-Sha256: 
 10bab817079723233fc0b4f6622184d3efb20d4c4d44fa3788b808f8636a1f3b 1711 
tinyirc_1.1.dfsg.1-2.dsc
 08e5a2982a0163ae5d110ab52d9b2482be804ffeaa2dfa72d19435aa2a11926a 8289 
tinyirc_1.1.dfsg.1-2.debian.tar.gz
 7fbf898568bd83061a68605d892a3ac3b73b357fddedb3b38f77a2c880b7494f 32340 
tinyirc_1.1.dfsg.1-2_amd64.deb
Files: 
 faa6b24b15e3163a19d46a672a0538a4 1711 net optional tinyirc_1.1.dfsg.1-2.dsc
 e99d2c94a42e0044da7161fc97432d95 8289 net optional 
tinyirc_1.1.dfsg.1-2.debian.tar.gz
 d66b71bdabef16afa2771191eb5ed2b0 32340 net optional 
tinyirc_1.1.dfsg.1-2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJP8cEeAAoJEOxkTtbr1QJDYdAQAJ5aUIRb33Ch8lQqkLShRXez
U1hWdAJqp7SwLDQ1DsN3QOuKrmPnaKWQ9egEpJMdxD/1o53yzkXd+dClJlDDbzFI
6HT6YSZ2WsIH7Sr+b1G9IT9NfKbQpj8BGyQGy7NStP484wbBHqxbsLvhuPuahsDP
F7NQouITsZi/s2Qnq9bWtNFD9JSw91Nkd8RjVBXU1tW2pGIQkCah5Y+uJG/MCexp
xn9RP7uioeqP9HYk6neiBm/RtA5L9CCssFCBGRpObFcrGoXiMJUv4Z+ICGOj9OXf
+RRPs1ZubcWsAsZRT7jCdfpVSOp4u1Cg7betzk4HYMu54DUEFj1LyLtf5SBI9qn/
qDY31cKyxGB+eV0Y+7BG0pcDqSNtSosyvy8C3rBdNe1Q3d1fggz09lBnkvCdHgON
OrsKpLJyIJ2UprhLS75I61Zg/9ALL/zHCJJb7oJMCF9GSVlbEwuvG2+wA4IGNb23
sQtsB5s3H9S/oOT2cz6a0tOiFtM2Tcb+kBp+2NUflCdoLveV+72DhPi8OpoS3rEw
+cYWWsAOGBd5pwxqgBC0vbLWi5Rxe5PkRmw4/OR8Q/GwxDz/uQI611amZbPWJAXy
txNefZlfHUXvg7gg1WRlJufeZLwh7ffURHH4TN37ft52U8M0bXfVav+rJL4oznaM
/W1oAklEkGL3bsBZzgKc
=aLGR
-----END PGP SIGNATURE-----



--- End Message ---

Reply via email to