tags patch
quit
Christoph Biedl wrote...
(...)
I did some tests:
> Can you please check whether the etch version of ngircd is affected
> (I'd be really surprised if not)
It is.
> The
> diff between 0.10.2 and 0.10.3 is quite short and seems to apply.
See the patch attached for a fix. Works for me.
Christoph
#! /bin/sh /usr/share/dpatch/dpatch-run
## 90-remote-vulnerability.dpatch by <Christoph Biedl <[EMAIL PROTECTED]>>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: No description.
@DPATCH@
diff -urNad ngircd-0.10.0~/src/ngircd/irc-channel.c
ngircd-0.10.0/src/ngircd/irc-channel.c
--- ngircd-0.10.0~/src/ngircd/irc-channel.c 2006-03-16 21:14:16.000000000
+0100
+++ ngircd-0.10.0/src/ngircd/irc-channel.c 2007-11-20 00:23:43.000000000
+0100
@@ -52,7 +52,9 @@
assert( Req != NULL );
/* Bad number of arguments? */
- if(( Req->argc > 2 )) return IRC_WriteStrClient( Client,
ERR_NEEDMOREPARAMS_MSG, Client_ID( Client ), Req->command );
+ if (Req->argc < 1 || Req->argc > 2)
+ return IRC_WriteStrClient(Client, ERR_NEEDMOREPARAMS_MSG,
+ Client_ID(Client), Req->command);
/* Who is the sender? */
if( Client_Type( Client ) == CLIENT_SERVER ) target = Client_Search(
Req->prefix );
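Review bot: The patch header still reads "## DP: No description." although the added lower bound "Req->argc < 1" in this hunk is the entire fix. Please replace that line with a short description saying that the old check only rejected Req->argc > 2, so a request with no arguments passed it, and that such a request now gets ERR_NEEDMOREPARAMS_MSG. A smaller style point on the same added lines: they use "if (Req->argc" and "IRC_WriteStrClient(Client," spacing, while the surrounding context is written as "if( Client_Type( Client )"; matching the file's existing style would keep the diff against upstream minimal.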