[cvslog] [CVS] Module eggdrop1.6: Change committed

cvs at eggheads.org cvs at eggheads.org
Sat May 16 07:17:05 CST 2009


Committer  : cvs
CVSROOT    : /usr/local/cvsroot
Module     : eggdrop1.6
Commit time: 2009-05-16 13:17:05 UTC

Modified files:
     doc/Changes1.6 src/patch.h src/users.c

Log message:

Fixed potential buffer overflow in readuserfile() that can occur on a leaf bot when a hub attempts to share ban/invite/exempt masks for a large number of channels that the leaf does not monitor.
Fixes Bugzilla Bug # 471 "Buffer overflow in src/users.c"

Found by: FireEgl / Patch by: pseudo

---------------------- diff included ----------------------
Index: eggdrop1.6/doc/Changes1.6
diff -u eggdrop1.6/doc/Changes1.6:1.24 eggdrop1.6/doc/Changes1.6:1.25
--- eggdrop1.6/doc/Changes1.6:1.24	Sat May 16 05:25:27 2009
+++ eggdrop1.6/doc/Changes1.6	Sat May 16 07:16:55 2009
@@ -1,4 +1,4 @@
-$Id: Changes1.6,v 1.24 2009/05/16 11:25:27 tothwolf Exp $
+$Id: Changes1.6,v 1.25 2009/05/16 13:16:55 tothwolf Exp $
 
 Eggdrop Changes (since version 1.6.0)
 
@@ -6,6 +6,12 @@
 
 1.6.20 (CVS):
 
+  - Fixed potential buffer overflow in readuserfile() that can occur on a
+    leaf bot when a hub attempts to share ban/invite/exempt masks for a
+    large number of channels that the leaf does not monitor.
+    Fixes Bugzilla Bug # 471 "Buffer overflow in src/users.c"
+    Found by: FireEgl / Patch by: pseudo
+
   - Updated masktype selection documentation for tcl_maskhost and ban-type.
     Patch by: pseudo
 
Index: eggdrop1.6/src/patch.h
diff -u eggdrop1.6/src/patch.h:1.1202 eggdrop1.6/src/patch.h:1.1203
--- eggdrop1.6/src/patch.h:1.1202	Thu May  7 16:01:41 2009
+++ eggdrop1.6/src/patch.h	Sat May 16 07:16:55 2009
@@ -10,7 +10,7 @@
  * statement, leave the rest of the file alone, this allows better
  * overlapping patches.
  *
- * $Id: patch.h,v 1.1202 2009/05/07 22:01:41 tothwolf Exp $
+ * $Id: patch.h,v 1.1203 2009/05/16 13:16:55 tothwolf Exp $
  */
 /*
  * Copyright (C) 1997 Robey Pointer
@@ -41,12 +41,12 @@
  *
  *
  */
-patch("1241732502");            /* current unixtime */
+patch("1242479709");            /* current unixtime */
 /*
  *
  *
  */
-patch("masktype");
+patch("ignchans");
 /*
  *
  *
Index: eggdrop1.6/src/users.c
diff -u eggdrop1.6/src/users.c:1.53 eggdrop1.6/src/users.c:1.54
--- eggdrop1.6/src/users.c:1.53	Fri Oct 31 18:40:03 2008
+++ eggdrop1.6/src/users.c	Sat May 16 07:16:55 2009
@@ -10,7 +10,7 @@
  *
  * dprintf'ized, 9nov1995
  *
- * $Id: users.c,v 1.53 2008/11/01 00:40:03 tothwolf Exp $
+ * $Id: users.c,v 1.54 2009/05/16 13:16:55 tothwolf Exp $
  */
 /*
  * Copyright (C) 1997 Robey Pointer
@@ -674,7 +674,7 @@
   struct userrec *bu, *u = NULL;
   struct chanset_t *cst = NULL;
   int i;
-  char ignored[512];
+  char ignored[LOGLINEMAX]; /* putlog() will truncate anything larger anyway */
   struct flag_record fr;
   struct chanuserrec *cr;
 
@@ -794,8 +794,10 @@
             strcpy(s1, lasthand);
             strcat(s1, " ");
             if (strstr(ignored, s1) == NULL) {
-              strcat(ignored, lasthand);
-              strcat(ignored, " ");
+              strncat(ignored, lasthand,
+                      sizeof(ignored) - 1 - strlen(ignored));
+              strncat(ignored, " ",
+                      sizeof(ignored) - 1 - strlen(ignored));
             }
             lasthand[0] = 0;
           } else {
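Review bot: The `strcpy(s1, lasthand); strcat(s1, " ");` pair directly above the new `strncat` calls is still unbounded, and the sizes of `s1` and `lasthand` are declared outside this hunk, so it is worth confirming that `s1` can hold the longest `lasthand` plus the space and the terminator. The new bound `sizeof(ignored) - 1 - strlen(ignored)` is correct as long as `ignored` stays a true array that starts out as an empty string (its initialisation is not visible here), but it truncates silently: once the buffer is nearly full, a partial channel name is appended and presumably ends up in the log line. Appending only when the whole entry fits avoids that, and since the same four lines recur in the hunks at -820 and -846, a small static helper would keep the bound in one place. readuserfile()'s body starts and ends outside the hunk.

```c
/* Append "name " to list only when the whole entry fits in size bytes. */
static void ignored_add(char *list, size_t size, const char *name)
{
  size_t used = strlen(list);
  size_t len = strlen(name);

  if (used + len + 2 <= size) { /* name + ' ' + NUL */
    memcpy(list + used, name, len);
    list[used + len] = ' ';
    list[used + len + 1] = 0;
  }
}

/* … unchanged: strcpy/strcat into s1 … */
            if (strstr(ignored, s1) == NULL)
              ignored_add(ignored, sizeof(ignored), lasthand);
```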
@@ -820,8 +822,10 @@
             strcpy(s1, lasthand);
             strcat(s1, " ");
             if (strstr(ignored, s1) == NULL) {
-              strcat(ignored, lasthand);
-              strcat(ignored, " ");
+              strncat(ignored, lasthand,
+                      sizeof(ignored) - 1 - strlen(ignored));
+              strncat(ignored, " ",
+                      sizeof(ignored) - 1 - strlen(ignored));
             }
             lasthand[0] = 0;
           } else {
@@ -846,8 +850,10 @@
             strcpy(s1, lasthand);
             strcat(s1, " ");
             if (strstr(ignored, s1) == NULL) {
-              strcat(ignored, lasthand);
-              strcat(ignored, " ");
+              strncat(ignored, lasthand,
+                      sizeof(ignored) - 1 - strlen(ignored));
+              strncat(ignored, " ",
+                      sizeof(ignored) - 1 - strlen(ignored));
             }
             lasthand[0] = 0;
           } else {
----------------------- End of diff -----------------------


