Archives
Archives
| From: | "Santiago M. Mola (coldwind)" <coldwind@g.o> |
|---|---|
| To: | gentoo-commits@l.g.o |
| Subject: | [gentoo-commits] gentoo-x86 commit in net-p2p/linuxdcpp/files: linuxdcpp-1.0.1-fix-remote-vulnerability.patch |
| Date: | Sun, 29 Jun 2008 22:52:08 |
| Message-Id: | E1KD5kZ-0006wM-0d@stork.gentoo.org |
| 1 | coldwind 08/06/29 22:52:03 |
| 2 | |
| 3 | Modified: linuxdcpp-1.0.1-fix-remote-vulnerability.patch |
| 4 | Log: |
| 5 | Security fix, second round. |
| 6 | (Portage version: 2.2_rc1/cvs/Linux 2.6.25-gentoo-r3 x86_64) |
| 7 | |
| 8 | Revision Changes Path |
| 9 | 1.2 net-p2p/linuxdcpp/files/linuxdcpp-1.0.1-fix-remote-vulnerability.patch |
| 10 | |
| 11 | file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-p2p/linuxdcpp/files/linuxdcpp-1.0.1-fix-remote-vulnerability.patch?rev=1.2&view=markup |
| 12 | plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-p2p/linuxdcpp/files/linuxdcpp-1.0.1-fix-remote-vulnerability.patch?rev=1.2&content-type=text/plain |
| 13 | diff : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-p2p/linuxdcpp/files/linuxdcpp-1.0.1-fix-remote-vulnerability.patch?r1=1.1&r2=1.2 |
| 14 | |
| 15 | Index: linuxdcpp-1.0.1-fix-remote-vulnerability.patch |
| 16 | =================================================================== |
| 17 | RCS file: /var/cvsroot/gentoo-x86/net-p2p/linuxdcpp/files/linuxdcpp-1.0.1-fix-remote-vulnerability.patch,v |
| 18 | retrieving revision 1.1 |
| 19 | retrieving revision 1.2 |
| 20 | diff -u -r1.1 -r1.2 |
| 21 | --- linuxdcpp-1.0.1-fix-remote-vulnerability.patch 29 Jun 2008 18:46:01 -0000 1.1 |
| 22 | +++ linuxdcpp-1.0.1-fix-remote-vulnerability.patch 29 Jun 2008 22:52:02 -0000 1.2 |
| 23 | @@ -13,3 +13,21 @@ |
| 24 | for(ShareManager::Directory::MapIter it2 = it->second->directories.begin(); it2 != it->second->directories.end(); ++it2) { |
| 25 | it2->second->toXml(sos, indent, tmp, recurse); |
| 26 | } |
| 27 | +--- client/NmdcHub.cpp 4 Aug 2007 21:17:21 -0000 1.14 |
| 28 | ++++ client/NmdcHub.cpp 29 Jun 2008 15:42:27 -0000 1.15 |
| 29 | +@@ -693,10 +693,14 @@ |
| 30 | + if(fromNick.empty()) |
| 31 | + return; |
| 32 | + |
| 33 | ++ if(param.size() < j + 2) { |
| 34 | ++ return; |
| 35 | ++ } |
| 36 | ++ string msg = param.substr(j + 2); |
| 37 | ++ |
| 38 | + OnlineUser* replyTo = findUser(rtNick); |
| 39 | + OnlineUser* from = findUser(fromNick); |
| 40 | + |
| 41 | +- string msg = param.substr(j + 2); |
| 42 | + if(replyTo == NULL || from == NULL) { |
| 43 | + if(replyTo == 0) { |
| 44 | + // Assume it's from the hub |
| 45 | |
| 46 | |
| 47 | |
| 48 | -- |
| 49 | gentoo-commits@l.g.o mailing list |