Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 28 May 2013 14:21:35 +0000 (UTC)
From:      Jase Thew <jase@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r319313 - in head/irc/znc: . files
Message-ID:  <201305281421.r4SELZZa002078@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: jase
Date: Tue May 28 14:21:35 2013
New Revision: 319313
URL: http://svnweb.freebsd.org/changeset/ports/319313

Log:
  - Add patch to fix null pointer dereferences in webadmin module
  
  Reported by:	    Albert Kult (via email)
  Obtained from:	    https://github.com/znc/znc/commit/2bd410ee5570cea127233f1133ea22f25174eb28
  Security:	    19751e06-c798-11e2-a373-000c29833058

Added:
  head/irc/znc/files/patch-modules-webadmin_cpp   (contents, props changed)
Modified:
  head/irc/znc/Makefile

Modified: head/irc/znc/Makefile
==============================================================================
--- head/irc/znc/Makefile	Tue May 28 14:07:30 2013	(r319312)
+++ head/irc/znc/Makefile	Tue May 28 14:21:35 2013	(r319313)
@@ -3,6 +3,7 @@
 
 PORTNAME=	znc
 PORTVERSION=	1.0
+PORTREVISION=	1
 CATEGORIES=	irc ipv6
 MASTER_SITES=	http://znc.in/releases/
 

Added: head/irc/znc/files/patch-modules-webadmin_cpp
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/irc/znc/files/patch-modules-webadmin_cpp	Tue May 28 14:21:35 2013	(r319313)
@@ -0,0 +1,38 @@
+--- modules/webadmin.cpp.orig	2012-11-06 16:02:20.000000000 +0000
++++ modules/webadmin.cpp	2013-05-28 12:43:53.258581961 +0100
+@@ -404,7 +404,7 @@
+ 			CIRCNetwork* pNetwork = SafeGetNetworkFromParam(WebSock);
+ 
+ 			// Admin||Self Check
+-			if (!spSession->IsAdmin() && (!spSession->GetUser() || spSession->GetUser() != pNetwork->GetUser())) {
++			if (!spSession->IsAdmin() && (!spSession->GetUser() || !pNetwork || spSession->GetUser() != pNetwork->GetUser())) {
+ 				return false;
+ 			}
+ 
+@@ -433,7 +433,7 @@
+ 			CIRCNetwork* pNetwork = SafeGetNetworkFromParam(WebSock);
+ 
+ 			// Admin||Self Check
+-			if (!spSession->IsAdmin() && (!spSession->GetUser() || spSession->GetUser() != pNetwork->GetUser())) {
++			if (!spSession->IsAdmin() && (!spSession->GetUser() || !pNetwork || spSession->GetUser() != pNetwork->GetUser())) {
+ 				return false;
+ 			}
+ 
+@@ -457,7 +457,7 @@
+ 			CIRCNetwork* pNetwork = SafeGetNetworkFromParam(WebSock);
+ 
+ 			// Admin||Self Check
+-			if (!spSession->IsAdmin() && (!spSession->GetUser() || spSession->GetUser() != pNetwork->GetUser())) {
++			if (!spSession->IsAdmin() && (!spSession->GetUser() || !pNetwork || spSession->GetUser() != pNetwork->GetUser())) {
+ 				return false;
+ 			}
+ 
+@@ -471,7 +471,7 @@
+ 			CIRCNetwork* pNetwork = SafeGetNetworkFromParam(WebSock);
+ 
+ 			// Admin||Self Check
+-			if (!spSession->IsAdmin() && (!spSession->GetUser() || spSession->GetUser() != pNetwork->GetUser())) {
++			if (!spSession->IsAdmin() && (!spSession->GetUser() || !pNetwork || spSession->GetUser() != pNetwork->GetUser())) {
+ 				return false;
+ 			}
+

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201305281421.r4SELZZa002078>