head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.46 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.44 pkgsrc-2012Q4-base:1.2 pkgsrc-2011Q4:1.2.0.42 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q2:1.2.0.40 pkgsrc-2011Q2-base:1.2 pkgsrc-2009Q4:1.2.0.38 pkgsrc-2009Q4-base:1.2 pkgsrc-2008Q4:1.2.0.36 pkgsrc-2008Q4-base:1.2 pkgsrc-2008Q3:1.2.0.34 pkgsrc-2008Q3-base:1.2 cube-native-xorg:1.2.0.32 cube-native-xorg-base:1.2 pkgsrc-2008Q2:1.2.0.30 pkgsrc-2008Q2-base:1.2 pkgsrc-2008Q1:1.2.0.28 pkgsrc-2008Q1-base:1.2 pkgsrc-2007Q4:1.2.0.26 pkgsrc-2007Q4-base:1.2 pkgsrc-2007Q3:1.2.0.24 pkgsrc-2007Q3-base:1.2 pkgsrc-2007Q2:1.2.0.22 pkgsrc-2007Q2-base:1.2 pkgsrc-2007Q1:1.2.0.20 pkgsrc-2007Q1-base:1.2 pkgsrc-2006Q4:1.2.0.18 pkgsrc-2006Q4-base:1.2 pkgsrc-2006Q3:1.2.0.16 pkgsrc-2006Q3-base:1.2 pkgsrc-2006Q2:1.2.0.14 pkgsrc-2006Q2-base:1.2 pkgsrc-2006Q1:1.2.0.12 pkgsrc-2006Q1-base:1.2 pkgsrc-2005Q4:1.2.0.10 pkgsrc-2005Q4-base:1.2 pkgsrc-2005Q3:1.2.0.8 pkgsrc-2005Q3-base:1.2 pkgsrc-2005Q2:1.2.0.6 pkgsrc-2005Q2-base:1.2 pkgsrc-2005Q1:1.2.0.4 pkgsrc-2005Q1-base:1.2 pkgsrc-2004Q4:1.2.0.2 pkgsrc-2004Q4-base:1.2 pkgsrc-2004Q3:1.1.0.10 pkgsrc-2004Q3-base:1.1 pkgsrc-2004Q2:1.1.0.8 pkgsrc-2004Q2-base:1.1 pkgsrc-2004Q1:1.1.0.6 pkgsrc-2004Q1-base:1.1 pkgsrc-2003Q4:1.1.0.4 pkgsrc-2003Q4-base:1.1 netbsd-1-6-1:1.1.0.2; locks; strict; comment @# @; 1.2 date 2004.11.26.11.39.05; author adam; state dead; branches; next 1.1; 1.1 date 2003.03.29.21.20.30; author salo; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2003.03.29.21.20.30; author grant; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2003.04.06.20.58.50; author grant; state Exp; branches; next ; desc @@ 1.2 log @Changes 1.1: * Fixed bug with using [$8] in expressions (Reported by BlackJac) (Patch from |Rain|) (BugID: 64) (powuh) * Fixed bug in /set show_end_of_msgs. When OFF prevented hooking of some end_of_msg numerics. (Reported by BlackJac) (Patch from |Rain|) (BugID: 51) (powuh) * Fixed incorrect ordering of operations in screen.c which caused an off-by-one access at the end ofthe buffer. (Patch from |Rain|) (BugID: 48) (powuh) * Fixed ischanvoice() to be compatiable with epic. Maintained reverse functionality as not to break existing scripts. (Patch from |Rain|) (BugID: 20) (powuh) * Fixed segfault with convert_output_format not honoring MAX_RECURSE. (Patch from |Rain|) (powuh) * Fixed possble rouge server exploit: If a rogue server sends us a ctcp request from an extremely large nickname (over about 512 bytes), we may attempt to alloca() a negative value, which under gcc will return a invalid pointer the contents of which will then be overwritten. (Reported by O_6) (Patch from |Rain|) (powuh) * Fixed segfault with channel mode parsing. (Patch from O_6) (powuh) * Removed auto_resume script, it's not needed any more (caf). * Fixed string copying snafu in gtkbitchx.c (reported by Huey) (caf). * Added STATUS_USER20 to STATUS_USER39 (patch from BlackJac) (caf). @ text @$NetBSD: patch-ak,v 1.1 2003/03/29 21:20:30 salo Exp $ Fixes potential remote buffer overflows. See the following url for more details: http://securityfocus.com/archive/1/315057 Patch by caf@@guarana.org. --- source/notice.c.orig 2003-03-29 21:55:24.000000000 +0100 +++ source/notice.c 2003-03-29 21:55:51.000000000 +0100 @@@@ -425,7 +425,7 @@@@ int conn = !strncmp(line+7, "connect", 7) ? 1 : 0; int dalnet = 0, ircnet = 0; - if (*(line+18) == ':') + if (strlen(line) >= 19 && line[18] == ':') q = NULL; else dalnet = (q == NULL); @ 1.1 log @Bump PKGREVISION: fix several potential buffer overflows found by Timo Sirainen , see the following url for more details: http://securityfocus.com/archive/1/315057 Patch from bugtraq by . @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-ak was added on branch netbsd-1-6-1 on 2003-04-06 20:58:50 +0000 @ text @d1 18 @ 1.1.2.2 log @Add new file (requested by salo in ticket #1239): Bump PKGREVISION: fix several potential buffer overflows found by Timo Sirainen @ text @a0 18 $NetBSD: patch-ak,v 1.1.2.1 2003/04/06 20:58:50 grant Exp $ Fixes potential remote buffer overflows. See the following url for more details: http://securityfocus.com/archive/1/315057 Patch by caf@@guarana.org. --- source/notice.c.orig 2003-03-29 21:55:24.000000000 +0100 +++ source/notice.c 2003-03-29 21:55:51.000000000 +0100 @@@@ -425,7 +425,7 @@@@ int conn = !strncmp(line+7, "connect", 7) ? 1 : 0; int dalnet = 0, ircnet = 0; - if (*(line+18) == ':') + if (strlen(line) >= 19 && line[18] == ':') q = NULL; else dalnet = (q == NULL); @