ports/94031: [irc/irssi] Patch DCC ACCEPT parameter handling
Ed Schouten
ed at fxq.nl
Thu Mar 2 17:50:09 UTC 2006
>Number: 94031
>Category: ports
>Synopsis: [irc/irssi] Patch DCC ACCEPT parameter handling
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Mar 02 17:50:07 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Ed Schouten
>Release: FreeBSD 5.5-PRERELEASE i386
>Organization:
Dispuut Interlink - http://il.fontys.nl/
>Environment:
System: FreeBSD palm.hoeg.nl 5.5-PRERELEASE FreeBSD 5.5-PRERELEASE #0: Thu Mar 2 11:02:14 CET 2006 root at palm.hoeg.nl:/usr/obj/usr/src/sys/PALM i386
>Description:
From the following Secunia entry:
http://secunia.com/advisories/19090
"Scott Sinclair has reported a vulnerability in irssi, which can be
exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error in the
"dcc_ctcp_resume_parse()" function in "dcc-resume.c". This can be
exploited to crash a vulnerable client by sending a specially crafted
DCC ACCEPT message with too few parameters."
>How-To-Repeat:
n/a
>Fix:
The following patch is based on work by the Ubuntu security team.
%%%
--- src/irc/dcc/dcc-resume.c
+++ src/irc/dcc/dcc-resume.c
@@ -89,6 +89,9 @@
params = g_strsplit(data, " ", -1);
paramcount = strarray_length(params);
+ if (paramcount < 3)
+ return 0;
+
fileparams = get_file_params_count_resume(params, paramcount);
if (paramcount >= fileparams + 2) {
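Review bot: the new early "return 0;" sits after "params = g_strsplit(data, " ", -1);" and leaves the function without releasing params, so each message rejected by this check leaks the split array. Call g_strfreev(params) before returning, or route the short-parameter case through whatever cleanup the function already performs at its normal exit. The bound 3 is also a bare constant; a one-line comment saying which parameters it counts would show why fewer than three must be rejected before get_file_params_count_resume() is called.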
%%%
>Release-Note:
>Audit-Trail:
>Unformatted: