1 |
a3li 10/09/09 14:52:43 |
2 |
|
3 |
Added: bip-CVE-2010-3071.patch |
4 |
Log: |
5 |
Revbump to fix CVE-2010-3071 (remote DoS), bug 336321. |
6 |
(Portage version: 2.2_rc67/cvs/Linux x86_64) |
7 |
|
8 |
Revision Changes Path |
9 |
1.1 net-irc/bip/files/bip-CVE-2010-3071.patch |
10 |
|
11 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-irc/bip/files/bip-CVE-2010-3071.patch?rev=1.1&view=markup |
12 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-irc/bip/files/bip-CVE-2010-3071.patch?rev=1.1&content-type=text/plain |
13 |
|
14 |
Index: bip-CVE-2010-3071.patch |
15 |
=================================================================== |
16 |
From ad771372ac3f2f649a9f3f300c2d51a4701ad9ea Mon Sep 17 00:00:00 2001 |
17 |
From: Alex Legler <a3li@g.o> |
18 |
Date: Thu, 9 Sep 2010 16:37:43 +0200 |
19 |
Subject: [PATCH] Check LINK(lc) before using it to avoid a null-pointer dereference (CVE-2010-3071) |
20 |
|
21 |
--- |
22 |
src/irc.c | 6 +++--- |
23 |
1 files changed, 3 insertions(+), 3 deletions(-) |
24 |
|
25 |
diff --git a/src/irc.c b/src/irc.c |
26 |
index fa98e09..c5f65a2 100644 |
27 |
--- a/src/irc.c |
28 |
+++ b/src/irc.c |
29 |
@@ -2449,7 +2449,7 @@ void bip_on_event(bip_t *bip, connection_t *conn) |
30 |
if (err) { |
31 |
if (TYPE(lc) == IRC_TYPE_SERVER) { |
32 |
mylog(LOG_ERROR, "[%s] read_lines error, closing...", |
33 |
- LINK(lc)->name); |
34 |
+ LINK(lc) ? LINK(lc)->name : "?"); |
35 |
irc_server_shutdown(LINK(lc)->l_server); |
36 |
} else { |
37 |
mylog(LOG_ERROR, "client read_lines error, closing..."); |
38 |
@@ -2471,7 +2471,7 @@ void bip_on_event(bip_t *bip, connection_t *conn) |
39 |
line = irc_line_new_from_string(line_s); |
40 |
if (!line) { |
41 |
mylog(LOG_ERROR, "[%s] Error in protocol, closing...", |
42 |
- LINK(lc)->name); |
43 |
+ LINK(lc) ? LINK(lc)->name : "?"); |
44 |
free(line_s); |
45 |
goto prot_err_lines; |
46 |
} |
47 |
@@ -2481,7 +2481,7 @@ void bip_on_event(bip_t *bip, connection_t *conn) |
48 |
free(line_s); |
49 |
if (r == ERR_PROTOCOL) { |
50 |
mylog(LOG_ERROR, "[%s] Error in protocol, closing...", |
51 |
- LINK(lc)->name); |
52 |
+ LINK(lc) ? LINK(lc)->name : "?"); |
53 |
goto prot_err_lines; |
54 |
} |
55 |
if (r == ERR_AUTH) |
56 |
-- |
57 |
1.7.2 |