Package: hybserv Version: 1.9.2-4 Severity: important Tags: patch Hi,
sending 'PRIVMSG memoserv :help \t' crashes hybserv. GiveHelp is called with command="\t", so SplitBuf(command, &cav) at helpserv.c:365 returns 0, and the next line calls strlcpy() with src == NULL. I fixed this by replacing "while (*buf == ' ')" with "while (IsSpace(*buf))" in mystring.c:145. This way the first parsing in ms_process() returns 1, and m_help() calls GiveHelp with command == NULL, avoiding the crash. All of mystring.c, memoserv.c and helpserv.c seem to be unchanged between 1.9.2 and 1.9.4 so I'm pretty sure it's not fixed in any upstream release. Cheers, Julien -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'stable'), (101, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.30-2-amd64 (SMP w/2 CPU cores) Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
