Date: Thu, 2 Mar 2006 18:46:46 +0100 (CET) From: Ed Schouten <ed@fxq.nl> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/94031: [irc/irssi] Patch DCC ACCEPT parameter handling Message-ID: <20060302174646.B347117095@palm.hoeg.nl> Resent-Message-ID: <200603021750.k22Ho7KD066811@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 94031 >Category: ports >Synopsis: [irc/irssi] Patch DCC ACCEPT parameter handling >Confidential: no >Severity: critical >Priority: high >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Mar 02 17:50:07 GMT 2006 >Closed-Date: >Last-Modified: >Originator: Ed Schouten >Release: FreeBSD 5.5-PRERELEASE i386 >Organization: Dispuut Interlink - http://il.fontys.nl/ >Environment: System: FreeBSD palm.hoeg.nl 5.5-PRERELEASE FreeBSD 5.5-PRERELEASE #0: Thu Mar 2 11:02:14 CET 2006 root@palm.hoeg.nl:/usr/obj/usr/src/sys/PALM i386 >Description: >From the following Secunia entry: http://secunia.com/advisories/19090 "Scott Sinclair has reported a vulnerability in irssi, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the "dcc_ctcp_resume_parse()" function in "dcc-resume.c". This can be exploited to crash a vulnerable client by sending a specially crafted DCC ACCEPT message with too few parameters." >How-To-Repeat: n/a >Fix: The following patch is based on work by the Ubuntu security team. %%% --- src/irc/dcc/dcc-resume.c +++ src/irc/dcc/dcc-resume.c @@ -89,6 +89,9 @@ params = g_strsplit(data, " ", -1); paramcount = strarray_length(params); + if (paramcount < 3) + return 0; + fileparams = get_file_params_count_resume(params, paramcount); if (paramcount >= fileparams + 2) { %%% >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060302174646.B347117095>