fixed security bug #332535

Package-Manager: portage-2.2_rc67/cvs/Linux x86_64

1 files changed, 89 insertions, 0 deletions

diff --git a/net-irc/znc/files/znc-0.092-dos-fix.patch b/net-irc/znc/files/znc-0.092-dos-fix.patch
new file mode 100644
index 000000000000..a2688f4b1cfc
--- /dev/null
+++ b/net-irc/znc/files/znc-0.092-dos-fix.patch
@@ -0,0 +1,89 @@
+diff -u -r znc-0.092-orig//Client.cpp znc-0.092/Client.cpp
+--- znc-0.092-orig//Client.cpp	2010-08-15 01:29:28.972436649 +0300
++++ znc-0.092/Client.cpp	2010-08-15 01:30:34.721440283 +0300
+@@ -185,7 +185,10 @@
+ 		// won't answer the ping (=no server connected) -> PONG back.
+ 		// else: It's the server's job to send a PONG.
+ 		if (sTarget.Equals("irc.znc.in") || !GetIRCSock()) {
+-			PutClient("PONG " + sLine.substr(5));
++			if (sLine.length() >= 5)
++				PutClient("PONG " + sLine.substr(5));
++			else
++				PutClient(":irc.znc.in PONG irc.znc.in");
+ 			return;
+ 		}
+ 	} else if (sCommand.Equals("PONG")) {
+diff -u -r znc-0.092-orig//IRCSock.cpp znc-0.092/IRCSock.cpp
+--- znc-0.092-orig//IRCSock.cpp	2010-08-15 01:29:28.972436649 +0300
++++ znc-0.092/IRCSock.cpp	2010-08-15 01:31:03.345456528 +0300
+@@ -87,7 +87,7 @@
+ 		return;
+ 	} else if (sLine.Equals("ERROR ", false, 6)) {
+ 		//ERROR :Closing Link: nick[24.24.24.24] (Excess Flood)
+-		CString sError(sLine.substr(7));
++		CString sError(sLine.substr(6));
+ 
+ 		if (sError.Left(1) == ":") {
+ 			sError.LeftChomp();
+diff -u -r znc-0.092-orig//modules/adminlog.cpp znc-0.092/modules/adminlog.cpp
+--- znc-0.092-orig//modules/adminlog.cpp	2010-08-15 01:29:28.970434898 +0300
++++ znc-0.092/modules/adminlog.cpp	2010-08-15 01:31:13.639445703 +0300
+@@ -52,7 +52,7 @@
+ 		if (sLine.Equals("ERROR ", false, 6)) {
+ 			//ERROR :Closing Link: nick[24.24.24.24] (Excess Flood)
+ 			//ERROR :Closing Link: nick[24.24.24.24] Killer (Local kill by Killer (reason))
+-			CString sError(sLine.substr(7));
++			CString sError(sLine.substr(6));
+ 			if (sError.Left(1) == ":")
+ 				sError.LeftChomp();
+ 			Log("[" + m_pUser->GetUserName() + "] disconnected from IRC: " +
+diff -u -r znc-0.092-orig//modules/away.cpp znc-0.092/modules/away.cpp
+--- znc-0.092-orig//modules/away.cpp	2010-08-15 01:29:28.970434898 +0300
++++ znc-0.092/modules/away.cpp	2010-08-15 01:31:47.479451226 +0300
+@@ -390,7 +390,7 @@
+ 			CBlowfish c(m_sPassword, BF_DECRYPT);
+ 			sBuffer = c.Crypt(sFile);
+ 
+-			if (sBuffer.substr(0, strlen(CRYPT_VERIFICATION_TOKEN)) != CRYPT_VERIFICATION_TOKEN)
++			if (sBuffer.Left(strlen(CRYPT_VERIFICATION_TOKEN)) != CRYPT_VERIFICATION_TOKEN)
+ 			{
+ 				// failed to decode :(
+ 				PutModule("Unable to decode Encrypted messages");
+diff -u -r znc-0.092-orig//modules/extra/email.cpp znc-0.092/modules/extra/email.cpp
+--- znc-0.092-orig//modules/extra/email.cpp	2010-08-15 01:29:28.971434361 +0300
++++ znc-0.092/modules/extra/email.cpp	2010-08-15 01:32:57.262438966 +0300
+@@ -154,7 +154,7 @@
+ 
+ 	virtual void ReadLine(const CS_STRING & sLine)
+ 	{
+-		if (sLine.substr(0, 5) == "From ")
++		if (sLine.Left(5) == "From ")
+ 		{
+ 			if (!m_sMailBuffer.empty())
+ 			{
+@@ -168,7 +168,7 @@
+ 	void ProcessMail()
+ 	{
+ 		EmailST tmp;
+-		tmp.sUidl = (char *)CMD5(m_sMailBuffer.substr(0, 255));
++		tmp.sUidl = (char *)CMD5(m_sMailBuffer.Left(255));
+ 		VCString vsLines;
+ 		VCString::iterator it;
+ 
+@@ -200,15 +200,7 @@
+ 
+ void CEmail::OnModCommand(const CString& sCommand)
+ {
+-	CString::size_type iPos = sCommand.find(" ");
+-	CString sCom, sArgs;
+-	if (iPos == CString::npos)
+-		sCom = sCommand;
+-	else
+-	{
+-		sCom = sCommand.substr(0, iPos);
+-		sArgs = sCommand.substr(iPos + 1, CString::npos);
+-	}
++	CString sCom = sCommand.Token(0);
+ 
+ 	if (sCom == "timers")
+ 	{