Bug#567191: marked as done (please include patches from DSA)

Fri, 29 Jan 2010 15:46:55 -0800 

Your message dated Fri, 29 Jan 2010 23:43:22 +0000
with message-id <e1nb0uk-0007u7...@ries.debian.org>
and subject line Bug#567191: fixed in ircd-ratbox 3.0.6.dfsg-1
has caused the Debian Bug report #567191,
regarding please include patches from DSA
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
567191: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567191
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: ircd-ratbox
Severity: grave
Tags: security patch

Hi

DSA-1980-1 has fixed two issues in ircd-ratbox, patches attached. Please
include them in the next upload.

Cheers
Steffen

--- ircd-hybrid-7.2.2.dfsg.2.orig/src/irc_string.c
+++ ircd-hybrid-7.2.2.dfsg.2/src/irc_string.c
@@ -103,7 +103,9 @@
     }
     else
       *d++ = *src;
-    ++src, --len;
+    if (len > 0) {
+       ++src, --len;
+    }
   }
   *d = '\0';
   return dest;

--- ircd-ratbox/branches/RATBOX_3_0/src/cache.c	2008/12/18 03:49:48	26334
+++ ircd-ratbox/branches/RATBOX_3_0/src/cache.c	2010/01/22 17:26:08	26732
@@ -114,12 +114,25 @@
 	struct cachefile *cacheptr;
 	struct cacheline *lineptr;
 	char line[BUFSIZE];
+	struct stat st;
+
 	char *p;
 
 	if((in = fopen(filename, "r")) == NULL)
 		return NULL;
 
-
+        /* check and make sure we have something that is a file... */
+	if(fstat(fileno(in), &st) == -1)
+	{
+		fclose(in);
+		return NULL;
+	}    
+	if(!S_ISREG(st.st_mode))
+	{
+		fclose(in);
+		return NULL;	
+	}
+    
 	cacheptr = rb_malloc(sizeof(struct cachefile));
 
 	rb_strlcpy(cacheptr->name, shortname, sizeof(cacheptr->name));
@@ -140,7 +153,11 @@
 		else
 			rb_dlinkAddTailAlloc(emptyline, &cacheptr->contents);
 	}
-
+	if(rb_dlink_list_length(&cacheptr->contents) == 0)
+	{
+		rb_free(cacheptr);
+		cacheptr = NULL;
+	}
 	fclose(in);
 	return cacheptr;
 }
@@ -222,6 +239,7 @@
 	struct stat sb;
 #endif
 
+
 	/* opers must be done first */
 	helpfile_dir = opendir(HPATH);
 
@@ -232,7 +250,8 @@
 	{
 		rb_snprintf(filename, sizeof(filename), "%s/%s", HPATH, ldirent->d_name);
 		cacheptr = cache_file(filename, ldirent->d_name, HELP_OPER);
-		add_to_help_hash(cacheptr->name, cacheptr);
+		if(cacheptr != NULL)
+			add_to_help_hash(cacheptr->name, cacheptr);
 	}
 
 	closedir(helpfile_dir);
@@ -265,7 +284,8 @@
 #endif
 
 		cacheptr = cache_file(filename, ldirent->d_name, HELP_USER);
-		add_to_help_hash(cacheptr->name, cacheptr);
+		if(cacheptr != NULL)
+			add_to_help_hash(cacheptr->name, cacheptr);
 	}
 
 	closedir(helpfile_dir);

--- End Message ---
--- Begin Message --- 
Source: ircd-ratbox
Source-Version: 3.0.6.dfsg-1

We believe that the bug you reported is fixed in the latest version of
ircd-ratbox, which is due to be installed in the Debian FTP archive:

ircd-ratbox-dbg_3.0.6.dfsg-1_i386.deb
  to main/i/ircd-ratbox/ircd-ratbox-dbg_3.0.6.dfsg-1_i386.deb
ircd-ratbox_3.0.6.dfsg-1.debian.tar.gz
  to main/i/ircd-ratbox/ircd-ratbox_3.0.6.dfsg-1.debian.tar.gz
ircd-ratbox_3.0.6.dfsg-1.dsc
  to main/i/ircd-ratbox/ircd-ratbox_3.0.6.dfsg-1.dsc
ircd-ratbox_3.0.6.dfsg-1_i386.deb
  to main/i/ircd-ratbox/ircd-ratbox_3.0.6.dfsg-1_i386.deb
ircd-ratbox_3.0.6.dfsg.orig.tar.gz
  to main/i/ircd-ratbox/ircd-ratbox_3.0.6.dfsg.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 567...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Marc Dequènes (Duck) <d...@duckcorp.org> (supplier of updated ircd-ratbox 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 29 Jan 2010 02:08:21 +0100
Source: ircd-ratbox
Binary: ircd-ratbox ircd-ratbox-dbg
Architecture: source i386
Version: 3.0.6.dfsg-1
Distribution: unstable
Urgency: high
Maintainer: Arnaud Cornet <acor...@debian.org>
Changed-By: Marc Dequènes (Duck) <d...@duckcorp.org>
Description: 
 ircd-ratbox - advanced, stable and fast ircd
 ircd-ratbox-dbg - debugging symbols for ircd-ratbox
Closes: 567191
Changes: 
 ircd-ratbox (3.0.6.dfsg-1) unstable; urgency=high
 .
   * New upstream release (closes: #567191, security bug).
   * Clarify why this package has been modified to be DFSG-compliant in
     'debian/copyright'.
   * Increased Standards-Version to 3.8.4.0 (no changes).
   * Switched to dpkg-source 3.0 (quilt) format (and removed quilt calls
     and build dependencies).
   * Updated 'relibtoolization' patch.
   * Updated 'debian/clean'...
Checksums-Sha1: 
 0fcbe2d37b8ac51226279ca76741a92977bd2f2d 1275 ircd-ratbox_3.0.6.dfsg-1.dsc
 8b42d081d3856a03d1cfed8fc65987ae77449612 2558505 
ircd-ratbox_3.0.6.dfsg.orig.tar.gz
 4b03795347f10a134d87547d53460bdb66203209 33608 
ircd-ratbox_3.0.6.dfsg-1.debian.tar.gz
 bb529583171cced7a0d3df195caf0e00c2ea4207 581620 
ircd-ratbox_3.0.6.dfsg-1_i386.deb
 c02a7c0f330d28cd29f0430a9560c0bb6fb2b58f 829770 
ircd-ratbox-dbg_3.0.6.dfsg-1_i386.deb
Checksums-Sha256: 
 b8ba1cd41ae428bcc6f13e94393ba3643082152563b0d0ad2fba70203f6ca506 1275 
ircd-ratbox_3.0.6.dfsg-1.dsc
 6fd1d8ca0aa0f2791975e0725ec67bdac9a28891d3f4fe46947f9bcf9e5da268 2558505 
ircd-ratbox_3.0.6.dfsg.orig.tar.gz
 fca705e90be25b297929edfcef022eb843d02c2b273af5e9679a319f08ff488c 33608 
ircd-ratbox_3.0.6.dfsg-1.debian.tar.gz
 dd5fdc4ea828134346c099f07fc0053e31bc0909088aa4ddf38e3d137f74b16f 581620 
ircd-ratbox_3.0.6.dfsg-1_i386.deb
 78c82656d23995e1aa9298fa33c0c47c1184bc703c7e88f29d3ea53c314772e0 829770 
ircd-ratbox-dbg_3.0.6.dfsg-1_i386.deb
Files: 
 1f6c4df5180fd98b7dbb97456bf88e38 1275 net optional ircd-ratbox_3.0.6.dfsg-1.dsc
 7703937d13334f023723318237356983 2558505 net optional 
ircd-ratbox_3.0.6.dfsg.orig.tar.gz
 68bfa020b77933f14acd136a368827ed 33608 net optional 
ircd-ratbox_3.0.6.dfsg-1.debian.tar.gz
 6ee73c0983f866811a5ab7592a6b58d3 581620 net optional 
ircd-ratbox_3.0.6.dfsg-1_i386.deb
 c008be4dd4023a1dc7e3820e37328082 829770 debug extra 
ircd-ratbox-dbg_3.0.6.dfsg-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAktjSsoACgkQsczZcpAmcIbrNACfWdUPKztlWu5P4rUn4DF8CSCy
3bUAnRfw0sLzxzuWrjD/Zm6+H5oGBSVf
=ppzL
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to