Package: ircd-ratbox
Severity: grave
Tags: security patch
Hi
DSA-1980-1 has fixed two issues in ircd-ratbox, patches attached. Please
include them in the next upload.
Cheers
Steffen
--- ircd-hybrid-7.2.2.dfsg.2.orig/src/irc_string.c
+++ ircd-hybrid-7.2.2.dfsg.2/src/irc_string.c
@@ -103,7 +103,9 @@
}
else
*d++ = *src;
- ++src, --len;
+ if (len > 0) {
+ ++src, --len;
+ }
}
*d = '\0';
return dest;
--- ircd-ratbox/branches/RATBOX_3_0/src/cache.c 2008/12/18 03:49:48 26334
+++ ircd-ratbox/branches/RATBOX_3_0/src/cache.c 2010/01/22 17:26:08 26732
@@ -114,12 +114,25 @@
struct cachefile *cacheptr;
struct cacheline *lineptr;
char line[BUFSIZE];
+ struct stat st;
+
char *p;
if((in = fopen(filename, "r")) == NULL)
return NULL;
-
+ /* check and make sure we have something that is a file... */
+ if(fstat(fileno(in), &st) == -1)
+ {
+ fclose(in);
+ return NULL;
+ }
+ if(!S_ISREG(st.st_mode))
+ {
+ fclose(in);
+ return NULL;
+ }
+
cacheptr = rb_malloc(sizeof(struct cachefile));
rb_strlcpy(cacheptr->name, shortname, sizeof(cacheptr->name));
@@ -140,7 +153,11 @@
else
rb_dlinkAddTailAlloc(emptyline, &cacheptr->contents);
}
-
+ if(rb_dlink_list_length(&cacheptr->contents) == 0)
+ {
+ rb_free(cacheptr);
+ cacheptr = NULL;
+ }
fclose(in);
return cacheptr;
}
@@ -222,6 +239,7 @@
struct stat sb;
#endif
+
/* opers must be done first */
helpfile_dir = opendir(HPATH);
@@ -232,7 +250,8 @@
{
rb_snprintf(filename, sizeof(filename), "%s/%s", HPATH, ldirent->d_name);
cacheptr = cache_file(filename, ldirent->d_name, HELP_OPER);
- add_to_help_hash(cacheptr->name, cacheptr);
+ if(cacheptr != NULL)
+ add_to_help_hash(cacheptr->name, cacheptr);
}
closedir(helpfile_dir);
@@ -265,7 +284,8 @@
#endif
cacheptr = cache_file(filename, ldirent->d_name, HELP_USER);
- add_to_help_hash(cacheptr->name, cacheptr);
+ if(cacheptr != NULL)
+ add_to_help_hash(cacheptr->name, cacheptr);
}
closedir(helpfile_dir);
