Bug#550389: marked as done (hybserv: misparsing when sent commands with tabs)

[Debian Bug Tracking System]

Your message dated Mon, 01 Feb 2010 19:52:36 +0000
with message-id <e1nc2k4-0005jw...@ries.debian.org>
and subject line Bug#550389: fixed in hybserv 1.9.2-4+lenny2
has caused the Debian Bug report #550389,
regarding hybserv: misparsing when sent commands with tabs
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
550389: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550389
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: hybserv
Version: 1.9.2-4
Severity: important
Tags: patch

Hi,

sending 'PRIVMSG memoserv :help \t' crashes hybserv.
GiveHelp is called with command="\t", so SplitBuf(command, &cav) at
helpserv.c:365 returns 0, and the next line calls strlcpy() with src ==
NULL.
I fixed this by replacing "while (*buf == ' ')" with "while
(IsSpace(*buf))" in mystring.c:145.  This way the first parsing in
ms_process() returns 1, and m_help() calls GiveHelp with command ==
NULL, avoiding the crash.
All of mystring.c, memoserv.c and helpserv.c seem to be unchanged
between 1.9.2 and 1.9.4 so I'm pretty sure it's not fixed in any
upstream release.

Cheers,
Julien

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (101, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.30-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

--- End Message ---

--- Begin Message ---

Source: hybserv
Source-Version: 1.9.2-4+lenny2

We believe that the bug you reported is fixed in the latest version of
hybserv, which is due to be installed in the Debian FTP archive:

hybserv_1.9.2-4+lenny2.diff.gz
  to main/h/hybserv/hybserv_1.9.2-4+lenny2.diff.gz
hybserv_1.9.2-4+lenny2.dsc
  to main/h/hybserv/hybserv_1.9.2-4+lenny2.dsc
hybserv_1.9.2-4+lenny2_i386.deb
  to main/h/hybserv/hybserv_1.9.2-4+lenny2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 550...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steffen Joeris <wh...@debian.org> (supplier of updated hybserv package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 29 Jan 2010 14:21:54 +0100
Source: hybserv
Binary: hybserv
Architecture: source i386
Version: 1.9.2-4+lenny2
Distribution: stable-security
Urgency: high
Maintainer: Aurélien GÉRÔME <a...@roxor.cx>
Changed-By: Steffen Joeris <wh...@debian.org>
Description: 
 hybserv    - IRC services for IRCD-Hybrid
Closes: 550389
Changes: 
 hybserv (1.9.2-4+lenny2) stable-security; urgency=high
 .
   * Non-maintainer upload by the security team
   * Fix DoS via commands with tabs (Closes: #550389)
     Fixes: CVE-2010-0303
   * Add db_stop to hybserv.postinst to make sure it doesn't hang due to
     the open file descriptors by debconf
     Thanks to Julien Cristau
Checksums-Sha1: 
 61da885044f8ff99cb2058566c002eaddab27f62 1000 hybserv_1.9.2-4+lenny2.dsc
 f41caaad90e4a91dc088ccc05cf8fb1e4b438028 418829 hybserv_1.9.2.orig.tar.gz
 cf25411dd39db36e41d62fc52d287a9ee4fe5737 12958 hybserv_1.9.2-4+lenny2.diff.gz
 3f91402a6d854ba8431336bf6e1f126d44aca41c 210102 hybserv_1.9.2-4+lenny2_i386.deb
Checksums-Sha256: 
 404d70c737052583a3484ec654b4a99081380010c438487284bf8cd7eb04b011 1000 
hybserv_1.9.2-4+lenny2.dsc
 57ced45c09561851e0981bf09361644c2f6bfd2622e989715c3427d5dece3d39 418829 
hybserv_1.9.2.orig.tar.gz
 63a9c1bca4ec949f58d885973633184fe8a1612881b6f5e95be3483e34a70fc5 12958 
hybserv_1.9.2-4+lenny2.diff.gz
 67179604ccc9b540ad27e2d5518a85c4988162f24c55ab59d141cb24042808ae 210102 
hybserv_1.9.2-4+lenny2_i386.deb
Files: 
 1e53e47576f3165f8dff86114b5fbf9d 1000 net extra hybserv_1.9.2-4+lenny2.dsc
 b0ebd0027c2b858ef8db6f06ac0d284b 418829 net extra hybserv_1.9.2.orig.tar.gz
 5af569d594f3208c96a3e02ee84ec4ba 12958 net extra hybserv_1.9.2-4+lenny2.diff.gz
 3e6afd1df128671cf09fb5ccc0ad475b 210102 net extra 
hybserv_1.9.2-4+lenny2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkti5TMACgkQ62zWxYk/rQd7FgCfWjx0afIgl5S6KqckBrvz964H
OxUAmwaqiDCCWDvDZpwjUjaWEjOyoO+2
=cRVu
-----END PGP SIGNATURE-----

--- End Message ---