[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Patch for TkServ security bugs
- To: ircd-users@xxxxxxx
- Subject: Patch for TkServ security bugs
- From: kl@xxxxxxxx (Kaspar Landsberg)
- Date: Mon, 5 Mar 2001 23:23:12 +0100
- Delivered-to: ircd-users-out@irc.org
- Delivered-to: ircd-users@irc.org
Hi,
this concerns the security bugs mentioned in a mail on bugtraq.
thanks for the ircd hacker team for producing the patch below!
Bye, Kasi
PS: i am currently not on this list so please CC me any mails that should
be read by me.
--- cut here ---
c) was fixed in cvs already
for a) and b):
--- irc2.10.3/contrib/tkserv/tkserv.c Fri Apr 28 18:43:40 2000
+++ irc2.10.3p2/contrib/tkserv/tkserv.c Mon Mar 5 22:08:31 2001
@@ -348,2 +351,3 @@
{
+ free(access_uh);
tks_log("Corrupt access file. RTFM. :-)");
@@ -358,2 +362,3 @@
{
+ free(access_uh);
return(0);
@@ -368,2 +373,3 @@
+ free(access_uh);
return(1);
@@ -854,3 +900,3 @@
pattern = args[6];
- strcpy(reason, args[7]);
+ strncpy(reason, args[7],sizeof(reason)-1);
i = 8;
--- cut here ---
--
Kaspar Landsberg, <kl@xxxxxxxx>