head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.46 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.44 pkgsrc-2012Q4-base:1.2 pkgsrc-2011Q4:1.2.0.42 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q2:1.2.0.40 pkgsrc-2011Q2-base:1.2 pkgsrc-2009Q4:1.2.0.38 pkgsrc-2009Q4-base:1.2 pkgsrc-2008Q4:1.2.0.36 pkgsrc-2008Q4-base:1.2 pkgsrc-2008Q3:1.2.0.34 pkgsrc-2008Q3-base:1.2 cube-native-xorg:1.2.0.32 cube-native-xorg-base:1.2 pkgsrc-2008Q2:1.2.0.30 pkgsrc-2008Q2-base:1.2 pkgsrc-2008Q1:1.2.0.28 pkgsrc-2008Q1-base:1.2 pkgsrc-2007Q4:1.2.0.26 pkgsrc-2007Q4-base:1.2 pkgsrc-2007Q3:1.2.0.24 pkgsrc-2007Q3-base:1.2 pkgsrc-2007Q2:1.2.0.22 pkgsrc-2007Q2-base:1.2 pkgsrc-2007Q1:1.2.0.20 pkgsrc-2007Q1-base:1.2 pkgsrc-2006Q4:1.2.0.18 pkgsrc-2006Q4-base:1.2 pkgsrc-2006Q3:1.2.0.16 pkgsrc-2006Q3-base:1.2 pkgsrc-2006Q2:1.2.0.14 pkgsrc-2006Q2-base:1.2 pkgsrc-2006Q1:1.2.0.12 pkgsrc-2006Q1-base:1.2 pkgsrc-2005Q4:1.2.0.10 pkgsrc-2005Q4-base:1.2 pkgsrc-2005Q3:1.2.0.8 pkgsrc-2005Q3-base:1.2 pkgsrc-2005Q2:1.2.0.6 pkgsrc-2005Q2-base:1.2 pkgsrc-2005Q1:1.2.0.4 pkgsrc-2005Q1-base:1.2 pkgsrc-2004Q4:1.2.0.2 pkgsrc-2004Q4-base:1.2 pkgsrc-2004Q3:1.1.0.10 pkgsrc-2004Q3-base:1.1 pkgsrc-2004Q2:1.1.0.8 pkgsrc-2004Q2-base:1.1 pkgsrc-2004Q1:1.1.0.6 pkgsrc-2004Q1-base:1.1 pkgsrc-2003Q4:1.1.0.4 pkgsrc-2003Q4-base:1.1 netbsd-1-6-1:1.1.0.2; locks; strict; comment @# @; 1.2 date 2004.11.26.11.39.05; author adam; state dead; branches; next 1.1; 1.1 date 2003.03.29.21.20.30; author salo; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2003.03.29.21.20.30; author grant; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2003.04.06.20.59.01; author grant; state Exp; branches; next ; desc @@ 1.2 log @Changes 1.1: * Fixed bug with using [$8] in expressions (Reported by BlackJac) (Patch from |Rain|) (BugID: 64) (powuh) * Fixed bug in /set show_end_of_msgs. When OFF prevented hooking of some end_of_msg numerics. (Reported by BlackJac) (Patch from |Rain|) (BugID: 51) (powuh) * Fixed incorrect ordering of operations in screen.c which caused an off-by-one access at the end ofthe buffer. (Patch from |Rain|) (BugID: 48) (powuh) * Fixed ischanvoice() to be compatiable with epic. Maintained reverse functionality as not to break existing scripts. (Patch from |Rain|) (BugID: 20) (powuh) * Fixed segfault with convert_output_format not honoring MAX_RECURSE. (Patch from |Rain|) (powuh) * Fixed possble rouge server exploit: If a rogue server sends us a ctcp request from an extremely large nickname (over about 512 bytes), we may attempt to alloca() a negative value, which under gcc will return a invalid pointer the contents of which will then be overwritten. (Reported by O_6) (Patch from |Rain|) (powuh) * Fixed segfault with channel mode parsing. (Patch from O_6) (powuh) * Removed auto_resume script, it's not needed any more (caf). * Fixed string copying snafu in gtkbitchx.c (reported by Huey) (caf). * Added STATUS_USER20 to STATUS_USER39 (patch from BlackJac) (caf). @ text @$NetBSD: patch-al,v 1.1 2003/03/29 21:20:30 salo Exp $ Fixes potential remote buffer overflows. See the following url for more details: http://securityfocus.com/archive/1/315057 Patch by caf@@guarana.org. --- source/numbers.c.orig 2002-02-28 05:22:50.000000000 +0100 +++ source/numbers.c 2003-03-29 21:56:55.000000000 +0100 @@@@ -354,26 +354,29 @@@@ set_display_target(chan, LOG_CURRENT); PasteArgs(ArgList, 0); - strcpy(buffer, ArgList[0]); + strlcpy(buffer, ArgList[0], sizeof buffer); switch(-current_numeric) { case 437: - strcat(buffer, " (Channel is temporarily unavailable)"); + strlcat(buffer, + " (Channel is temporarily unavailable)", + sizeof buffer); break; case 471: - strcat(buffer, " (Channel is full)"); + strlcat(buffer, " (Channel is full)", sizeof buffer); break; case 473: - strcat(buffer, " (You must be invited)"); + strlcat(buffer, " (You must be invited)", + sizeof buffer); break; case 474: - strcat(buffer, " (You are banned)"); + strlcat(buffer, " (You are banned)", sizeof buffer); break; case 475: - strcat(buffer, " (Bad channel key)"); + strlcat(buffer, " (Bad channel key)", sizeof buffer); break; case 476: - strcat(buffer, " (Bad channel mask)"); + strlcat(buffer, " (Bad channel mask)", sizeof buffer); break; default: return; @@@@ -385,7 +388,6 @@@@ reset_display_target(); } - int handle_server_stats(char *from, char **ArgList, int comm) { static int norm = 0, @ 1.1 log @Bump PKGREVISION: fix several potential buffer overflows found by Timo Sirainen , see the following url for more details: http://securityfocus.com/archive/1/315057 Patch from bugtraq by . @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-al was added on branch netbsd-1-6-1 on 2003-04-06 20:59:01 +0000 @ text @d1 54 @ 1.1.2.2 log @Add new file (requested by salo in ticket #1239): Bump PKGREVISION: fix several potential buffer overflows found by Timo Sirainen @ text @a0 54 $NetBSD: patch-al,v 1.1.2.1 2003/04/06 20:59:01 grant Exp $ Fixes potential remote buffer overflows. See the following url for more details: http://securityfocus.com/archive/1/315057 Patch by caf@@guarana.org. --- source/numbers.c.orig 2002-02-28 05:22:50.000000000 +0100 +++ source/numbers.c 2003-03-29 21:56:55.000000000 +0100 @@@@ -354,26 +354,29 @@@@ set_display_target(chan, LOG_CURRENT); PasteArgs(ArgList, 0); - strcpy(buffer, ArgList[0]); + strlcpy(buffer, ArgList[0], sizeof buffer); switch(-current_numeric) { case 437: - strcat(buffer, " (Channel is temporarily unavailable)"); + strlcat(buffer, + " (Channel is temporarily unavailable)", + sizeof buffer); break; case 471: - strcat(buffer, " (Channel is full)"); + strlcat(buffer, " (Channel is full)", sizeof buffer); break; case 473: - strcat(buffer, " (You must be invited)"); + strlcat(buffer, " (You must be invited)", + sizeof buffer); break; case 474: - strcat(buffer, " (You are banned)"); + strlcat(buffer, " (You are banned)", sizeof buffer); break; case 475: - strcat(buffer, " (Bad channel key)"); + strlcat(buffer, " (Bad channel key)", sizeof buffer); break; case 476: - strcat(buffer, " (Bad channel mask)"); + strlcat(buffer, " (Bad channel mask)", sizeof buffer); break; default: return; @@@@ -385,7 +388,6 @@@@ reset_display_target(); } - int handle_server_stats(char *from, char **ArgList, int comm) { static int norm = 0, @