Eggdev: [PATCH] CVE-2007-2807: stack-based buffer overflow

Jonathan Rudolph skralg at gmail.com
Fri Oct 26 10:26:11 CST 2007


This patch seems to break ctcp functionality in the two bots I've
tried it on, Debian and FreeBSD respectively.  They don't seem to see
the CTCP commands anymore, just showing that a user did a "CTCP :"
instead of a "CTCP TIME:" or any other CTCP.

Kind regards too,
simple


On 10/17/07, Nico Golde <nion at debian.org> wrote:
> Hi Will,
> * Will Buckner <wcc at techmonkeys.org> [2007-10-17 20:14]:
> > Extremely sorry for the late response. Your e-mail got caught up in our mailing
> > list approval queue :)
>
> Heh, no problem :)
>
> > Thanks for the patch; it has been committed (with slight
> > modifications) to CVS for Eggdrop 1.6.19.
> >
> > The only modifications I made were to use some of our macros for
> > snprintf/strncpy (egg_snprintf() and strncpyz() respectively). We have a
> > compatibility layer for systems that don't support snprintf(), and we use
> > strncpyz() in most places to replace strncpy().
>
> Ah ok, I was not aware of these issues but the patch should
> work too. Thanks for including it!
> Kind regards
> Nico
> --
> Nico Golde - http://ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
> For security reasons, all text in this mail is double-rot13 encrypted.
>
>


