Package: ircd-ratbox Severity: grave Tags: security patch Hi
DSA-1980-1 has fixed two issues in ircd-ratbox, patches attached. Please include them in the next upload. Cheers Steffen
--- ircd-hybrid-7.2.2.dfsg.2.orig/src/irc_string.c +++ ircd-hybrid-7.2.2.dfsg.2/src/irc_string.c @@ -103,7 +103,9 @@ } else *d++ = *src; - ++src, --len; + if (len > 0) { + ++src, --len; + } } *d = '\0'; return dest;
--- ircd-ratbox/branches/RATBOX_3_0/src/cache.c 2008/12/18 03:49:48 26334 +++ ircd-ratbox/branches/RATBOX_3_0/src/cache.c 2010/01/22 17:26:08 26732 @@ -114,12 +114,25 @@ struct cachefile *cacheptr; struct cacheline *lineptr; char line[BUFSIZE]; + struct stat st; + char *p; if((in = fopen(filename, "r")) == NULL) return NULL; - + /* check and make sure we have something that is a file... */ + if(fstat(fileno(in), &st) == -1) + { + fclose(in); + return NULL; + } + if(!S_ISREG(st.st_mode)) + { + fclose(in); + return NULL; + } + cacheptr = rb_malloc(sizeof(struct cachefile)); rb_strlcpy(cacheptr->name, shortname, sizeof(cacheptr->name)); @@ -140,7 +153,11 @@ else rb_dlinkAddTailAlloc(emptyline, &cacheptr->contents); } - + if(rb_dlink_list_length(&cacheptr->contents) == 0) + { + rb_free(cacheptr); + cacheptr = NULL; + } fclose(in); return cacheptr; } @@ -222,6 +239,7 @@ struct stat sb; #endif + /* opers must be done first */ helpfile_dir = opendir(HPATH); @@ -232,7 +250,8 @@ { rb_snprintf(filename, sizeof(filename), "%s/%s", HPATH, ldirent->d_name); cacheptr = cache_file(filename, ldirent->d_name, HELP_OPER); - add_to_help_hash(cacheptr->name, cacheptr); + if(cacheptr != NULL) + add_to_help_hash(cacheptr->name, cacheptr); } closedir(helpfile_dir); @@ -265,7 +284,8 @@ #endif cacheptr = cache_file(filename, ldirent->d_name, HELP_USER); - add_to_help_hash(cacheptr->name, cacheptr); + if(cacheptr != NULL) + add_to_help_hash(cacheptr->name, cacheptr); } closedir(helpfile_dir);