[cvslog] (2007-10-17 07:42:51 UTC) Module eggdrop1.6: Change committed!

cvslog cvs at tsss.org
Wed Oct 17 01:42:51 CST 2007


CVSROOT    : /usr/local/cvsroot
Module     : eggdrop1.6
Commit time: 2007-10-17 07:42:50 UTC
Commited by: Will Buckner <wcc at techmonkeys.org>

Modified files:
     doc/UPDATES1.6 src/mod/server.mod/servmsg.c

Log message:

- Fixed two buffer overflows in servmsg.c.
* Found by: Bow Sineath - Patch by: Nico Golde / Wcc

---------------------- diff included ----------------------
Index: eggdrop1.6/doc/UPDATES1.6
diff -u eggdrop1.6/doc/UPDATES1.6:1.632 eggdrop1.6/doc/UPDATES1.6:1.633
--- eggdrop1.6/doc/UPDATES1.6:1.632	Mon Nov 20 05:38:25 2006
+++ eggdrop1.6/doc/UPDATES1.6	Wed Oct 17 02:42:40 2007
@@ -1,4 +1,4 @@
-$Id: UPDATES1.6,v 1.632 2006-11-20 11:38:25 tothwolf Exp $
+$Id: UPDATES1.6,v 1.633 2007-10-17 07:42:40 wcc Exp $
 
 Eggdrop Changes (since v1.6.0)
     _____________________________________________________________________
@@ -12,6 +12,9 @@
 
 
   1.6.19:
+    - Fixed two buffer overflows in servmsg.c.
+    * Found by: Bow Sineath - Patch by: Nico Golde / Wcc
+
     - Fixed compatibility problems with certain time_t implementations.
     * Found by: various - Patch by: Tothwolf
 
Index: eggdrop1.6/src/mod/server.mod/servmsg.c
diff -u eggdrop1.6/src/mod/server.mod/servmsg.c:1.92 eggdrop1.6/src/mod/server.mod/servmsg.c:1.93
--- eggdrop1.6/src/mod/server.mod/servmsg.c:1.92	Fri Apr 20 23:38:29 2007
+++ eggdrop1.6/src/mod/server.mod/servmsg.c	Wed Oct 17 02:42:40 2007
@@ -1,7 +1,7 @@
 /*
  * servmsg.c -- part of server.mod
  *
- * $Id: servmsg.c,v 1.92 2007-04-21 04:38:29 wcc Exp $
+ * $Id: servmsg.c,v 1.93 2007-10-17 07:42:40 wcc Exp $
  */
 /*
  * Copyright (C) 1997 Robey Pointer
@@ -461,7 +461,7 @@
   to = newsplit(&msg);
   fixcolon(msg);
   /* Only check if flood-ctcp is active */
-  strcpy(uhost, from);
+  strncpyz(uhost, from, sizeof(buf));
   nick = splitnick(&uhost);
   if (flud_ctcp_thr && detect_avalanche(msg)) {
     if (!ignoring) {
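Review bot: The bound given to `strncpyz` for the `uhost` copy is `sizeof(buf)`, which names a different object from the destination, and neither declaration is visible in this hunk. That is only correct if `buf` is a true array and `uhost` still points at its first byte at this point; if `buf` were a pointer, the limit would silently become the pointer size. A short comment on that line, such as `/* uhost aliases buf[]; bound is the array size */`, would make the assumption checkable. The copy now truncates silently, so an over-long `from` produces a shortened host that the flood and ignore logic below treats as genuine. The enclosing function starts and ends outside the hunk.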
@@ -471,7 +471,7 @@
         p++;
       else
         p = uhost;
-      simple_sprintf(ctcpbuf, "*!*@%s", p);
+      egg_snprintf(ctcpbuf, sizeof(ctcpbuf), "*!*@%s", p);
       addignore(ctcpbuf, botnetnick, "ctcp avalanche",
                 now + (60 * ignore_time));
     }
@@ -486,8 +486,12 @@
       p++;
     if (*p == 1) {
       *p = 0;
-      ctcp = strcpy(ctcpbuf, p1);
-      strcpy(p1 - 1, p + 1);
+      strncpyz(ctcpbuf, p1, sizeof(ctcpbuf));
+      ctcp = p1;
+      /* copy the part after the second : in front of it after
+       * the first :, this is temporary copied to ctcpbuf */
+      strncpy(p1 - 1, p + 1, strlen(ctcpbuf) - 1);
+
       if (!ignoring)
         detect_flood(nick, uhost, from,
                      strncmp(ctcp, "ACTION ", 7) ? FLOOD_CTCP : FLOOD_PRIVMSG);
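Review bot: The count passed to `strncpy` in the added lines, `strlen(ctcpbuf) - 1`, wraps to a huge `size_t` when `ctcpbuf` is empty, and it measures the extracted CTCP text rather than the tail at `p + 1` that is being moved, so the copy can run far past the message buffer or leave the tail cut short and unterminated. Source and destination also overlap in the same buffer, which `strncpy` does not permit; `memmove(p1 - 1, p + 1, strlen(p + 1) + 1);` moves exactly the tail with its terminator and, with the destination ahead of the source, cannot lengthen the string. Separately, `ctcp = p1;` now aliases the region this copy overwrites, so the `strncmp(ctcp, "ACTION ", 7)` below and any later use would see the shifted message text instead of the CTCP; `ctcp = ctcpbuf;` keeps the pre-patch meaning. The assignment of `p1` and the rest of the function lie outside this hunk, so the buffer layout is inferred from the removed `strcpy` lines.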
----------------------- End of diff -----------------------


