From owner-freebsd-ports-bugs@FreeBSD.ORG Thu Mar 2 17:50:09 2006 Return-Path: X-Original-To: freebsd-ports-bugs@hub.freebsd.org Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1464D16A420 for ; Thu, 2 Mar 2006 17:50:09 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id F263243D60 for ; Thu, 2 Mar 2006 17:50:07 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id k22Ho73L066812 for ; Thu, 2 Mar 2006 17:50:07 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id k22Ho7KD066811; Thu, 2 Mar 2006 17:50:07 GMT (envelope-from gnats) Resent-Date: Thu, 2 Mar 2006 17:50:07 GMT Resent-Message-Id: <200603021750.k22Ho7KD066811@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Ed Schouten Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B006E16A420 for ; Thu, 2 Mar 2006 17:46:48 +0000 (GMT) (envelope-from ed@hoeg.nl) Received: from palm.hoeg.nl (mx0.hoeg.nl [83.98.131.211]) by mx1.FreeBSD.org (Postfix) with ESMTP id 64C0043D5D for ; Thu, 2 Mar 2006 17:46:47 +0000 (GMT) (envelope-from ed@hoeg.nl) Received: by palm.hoeg.nl (Postfix, from userid 1000) id B347117095; Thu, 2 Mar 2006 18:46:46 +0100 (CET) Message-Id: <20060302174646.B347117095@palm.hoeg.nl> Date: Thu, 2 Mar 2006 18:46:46 +0100 (CET) From: Ed Schouten To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Cc: Subject: ports/94031: [irc/irssi] Patch DCC ACCEPT parameter handling X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Ed Schouten List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Mar 2006 17:50:09 -0000 >Number: 94031 >Category: ports >Synopsis: [irc/irssi] Patch DCC ACCEPT parameter handling >Confidential: no >Severity: critical >Priority: high >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Mar 02 17:50:07 GMT 2006 >Closed-Date: >Last-Modified: >Originator: Ed Schouten >Release: FreeBSD 5.5-PRERELEASE i386 >Organization: Dispuut Interlink - http://il.fontys.nl/ >Environment: System: FreeBSD palm.hoeg.nl 5.5-PRERELEASE FreeBSD 5.5-PRERELEASE #0: Thu Mar 2 11:02:14 CET 2006 root@palm.hoeg.nl:/usr/obj/usr/src/sys/PALM i386 >Description: >From the following Secunia entry: http://secunia.com/advisories/19090 "Scott Sinclair has reported a vulnerability in irssi, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the "dcc_ctcp_resume_parse()" function in "dcc-resume.c". This can be exploited to crash a vulnerable client by sending a specially crafted DCC ACCEPT message with too few parameters." >How-To-Repeat: n/a >Fix: The following patch is based on work by the Ubuntu security team. %%% --- src/irc/dcc/dcc-resume.c +++ src/irc/dcc/dcc-resume.c @@ -89,6 +89,9 @@ params = g_strsplit(data, " ", -1); paramcount = strarray_length(params); + if (paramcount < 3) + return 0; + fileparams = get_file_params_count_resume(params, paramcount); if (paramcount >= fileparams + 2) { %%% >Release-Note: >Audit-Trail: >Unformatted: