
[pkgsrc/trunk]: pkgsrc/chat/centericq Fix horrific number of buffer overflows...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/2aa1b6360f29
branches:  trunk
changeset: 531060:2aa1b6360f29
user:      lkundrak <lkundrak%pkgsrc.org@localhost>
date:      Thu Jul 19 00:43:40 2007 +0000

description:
Fix horrific number of buffer overflows, CVE-2007-3713.
Bump PKGREVISION.

diffstat:

 chat/centericq/Makefile         |    4 +-
 chat/centericq/distinfo         |    9 +-
 chat/centericq/patches/patch-au |   31 +++++-
 chat/centericq/patches/patch-av |   41 ++++++++
 chat/centericq/patches/patch-aw |   23 ++++
 chat/centericq/patches/patch-ax |  194 ++++++++++++++++++++++++++++++++++++++++
 chat/centericq/patches/patch-ay |   46 +++++++++
 chat/centericq/patches/patch-az |  108 ++++++++++++++++++++++
 8 files changed, 448 insertions(+), 8 deletions(-)

diffs (truncated from 509 to 300 lines):

diff -r 4422c1a36fb7 -r 2aa1b6360f29 chat/centericq/Makefile
--- a/chat/centericq/Makefile   Wed Jul 18 23:33:19 2007 +0000
+++ b/chat/centericq/Makefile   Thu Jul 19 00:43:40 2007 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.66 2007/04/15 20:16:41 wiz Exp $
+# $NetBSD: Makefile,v 1.67 2007/07/19 00:43:40 lkundrak Exp $
 #
 
 DISTNAME=      centericq-4.21.0
-PKGREVISION=   4
+PKGREVISION=   5
 CATEGORIES=    chat
 MASTER_SITES=  http://thekonst.net/download/ \
                http://centericq.de/archive/source/releases/
diff -r 4422c1a36fb7 -r 2aa1b6360f29 chat/centericq/distinfo
--- a/chat/centericq/distinfo   Wed Jul 18 23:33:19 2007 +0000
+++ b/chat/centericq/distinfo   Thu Jul 19 00:43:40 2007 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.22 2007/02/20 18:45:00 sborrill Exp $
+$NetBSD: distinfo,v 1.23 2007/07/19 00:43:40 lkundrak Exp $
 
 SHA1 (centericq-4.21.0.tar.bz2) = 26b07c4bdcbe8c6888ceab98140b33007bec8554
 RMD160 (centericq-4.21.0.tar.bz2) = 69207fcaf5c90b9ae4609221526b839659c5ccfc
@@ -23,4 +23,9 @@
 SHA1 (patch-ar) = b06ba8fad9a2dbcfacb0c81e2689cca02a38dd01
 SHA1 (patch-as) = 55822a88a4fd17e57a06f0f186a6649fe3e4b092
 SHA1 (patch-at) = 7dd7158371940522c7d393ea8d9194c2e4154cf8
-SHA1 (patch-au) = 6e33ed258b9762afc0f2bd0e4e726818f8811619
+SHA1 (patch-au) = 3a1bab4ffc13cc75480a6d249185a07e52bcdf6d
+SHA1 (patch-av) = bf032d4447349d3b4f75c43f58eca3e0342b9f9d
+SHA1 (patch-aw) = 20b682ce67e9d026a1253e2ce7546eea1d924282
+SHA1 (patch-ax) = a96edcc859b30fde6e6577a833005fab8d45eabf
+SHA1 (patch-ay) = 46ca8c7a9828c471aa760089f2271f21c9cf0ce6
+SHA1 (patch-az) = 4542871c64fffb311cc464bc0b25fb59ef2db3b3
diff -r 4422c1a36fb7 -r 2aa1b6360f29 chat/centericq/patches/patch-au
--- a/chat/centericq/patches/patch-au   Wed Jul 18 23:33:19 2007 +0000
+++ b/chat/centericq/patches/patch-au   Thu Jul 19 00:43:40 2007 +0000
@@ -1,8 +1,19 @@
-$NetBSD: patch-au,v 1.1 2007/02/20 18:45:00 sborrill Exp $
+$NetBSD: patch-au,v 1.2 2007/07/19 00:43:40 lkundrak Exp $
+
+Part of a fix for CVE-2007-3713.
 
---- src/hooks/jabberhook.cc.orig       2007-02-20 18:20:36.000000000 +0000
-+++ src/hooks/jabberhook.cc    2007-02-20 18:21:08.000000000 +0000
-@@ -887,11 +887,6 @@
+--- src/hooks/jabberhook.cc.orig       2007-07-19 02:34:54.000000000 +0200
++++ src/hooks/jabberhook.cc
+@@ -36,6 +36,8 @@
+ #define DEFAULT_CONFSERV "conference.jabber.org"
+ #define PERIOD_KEEPALIVE 30
+ 
++#define NOTIFBUF 512
++
+ static void jidsplit(const string &jid, string &user, string &host, string &rest) {
+     int pos;
+     user = jid;
+@@ -887,11 +889,6 @@ void jabberhook::gotsearchresults(xmlnod
  void jabberhook::gotloggedin() {
      xmlnode x;
  
@@ -14,3 +25,15 @@
      x = jutil_iqnew(JPACKET__GET, NS_ROSTER);
      xmlnode_put_attrib(x, "id", "Roster");
      jab_send(jc, x);
+@@ -1289,8 +1286,9 @@ void jabberhook::gotversion(const imcont
+       if(vinfo.size() > 128)
+           vinfo.erase(128);
+ 
+-      char buf[256];
+-      sprintf(buf, _("The remote is using %s"), vinfo.c_str());
++      char buf[NOTIFBUF];
++      snprintf(buf, NOTIFBUF, _("The remote is using %s"), vinfo.c_str());
++      buf[NOTIFBUF-1] = '\0';
+       em.store(imnotification(ic, buf));
+     }
+ }
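Review bot: In gotversion the bound passed to snprintf is the macro `NOTIFBUF` rather than the buffer itself, so the limit and the array can drift apart if either is edited later. `snprintf(buf, sizeof(buf), _("The remote is using %s"), vinfo.c_str());` ties the limit to the array and makes the per-file `#define NOTIFBUF 512` unnecessary; the same pattern recurs in the abstracthook.cc and irchook.cc patches of this commit. The explicit `buf[NOTIFBUF-1] = '\0';` only matters for a pre-C99 snprintf that does not terminate on truncation, and a one-line comment saying so would explain why it is there. gotversion starts outside the hunk.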
diff -r 4422c1a36fb7 -r 2aa1b6360f29 chat/centericq/patches/patch-av
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/chat/centericq/patches/patch-av   Thu Jul 19 00:43:40 2007 +0000
@@ -0,0 +1,41 @@
+$NetBSD: patch-av,v 1.1 2007/07/19 00:43:40 lkundrak Exp $
+
+--- src/hooks/abstracthook.cc.orig     2007-07-19 02:24:38.000000000 +0200
++++ src/hooks/abstracthook.cc
+@@ -40,6 +40,8 @@
+ 
+ #include <time.h>
+ 
++#define NOTIFBUF 512
++
+ time_t timer_current = time(0);
+ 
+ abstracthook::abstracthook(protocolname aproto)
+@@ -339,7 +341,7 @@ bool abstracthook::regattempt(unsigned i
+ 
+ void abstracthook::log(logevent ev, ...) {
+     va_list ap;
+-    char buf[512];
++    char buf[NOTIFBUF];
+     static map<logevent, string> lst;
+ 
+     if(lst.empty()) {
+@@ -354,7 +356,8 @@ void abstracthook::log(logevent ev, ...)
+     }
+ 
+     va_start(ap, ev);
+-    vsprintf(buf, lst[ev].c_str(), ap);
++    vsnprintf(buf, NOTIFBUF, lst[ev].c_str(), ap);
++    buf[NOTIFBUF-1] = '\0';
+     va_end(ap);
+ 
+     face.log((string) "+ [" + conf.getprotocolname(proto)  + "] " + buf);
+@@ -751,7 +754,7 @@ string abstracthook::getTimezoneIDtoStri
+     if(id > 24 || id < -24) {
+       return "Unspecified";
+     } else {
+-      char buf[32];
++      static char buf[32];
+       sprintf(buf, "GMT %s%d:%s", id > 0 ? "-" : "+", abs(id/2), id % 2 == 0 ? "00" : "30");
+       return buf;
+     }
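Review bot: The getTimezoneIDtoString change turns `char buf[32]` into `static char buf[32]` but leaves the unbounded `sprintf` in place. The function is declared as returning `string`, so `return buf` already copies the automatic array, and the `static` appears to add shared state between calls without fixing anything. The range check on `id` keeps the output short today, but to match the rest of the commit I would keep the automatic array and write `snprintf(buf, sizeof(buf), "GMT %s%d:%s", ...)`. The header of this patch file also lacks the `Part of a fix for CVE-2007-3713.` line that patch-au and patch-ax carry.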
diff -r 4422c1a36fb7 -r 2aa1b6360f29 chat/centericq/patches/patch-aw
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/chat/centericq/patches/patch-aw   Thu Jul 19 00:43:40 2007 +0000
@@ -0,0 +1,23 @@
+$NetBSD: patch-aw,v 1.1 2007/07/19 00:43:42 lkundrak Exp $
+
+--- src/hooks/aimhook.cc.orig  2007-07-19 02:24:38.000000000 +0200
++++ src/hooks/aimhook.cc
+@@ -32,6 +32,8 @@
+ #include "imlogger.h"
+ #include "eventmanager.h"
+ 
++#define NOTIFBUF 512
++
+ aimhook ahook;
+ 
+ aimhook::aimhook()
+@@ -293,7 +295,8 @@ void aimhook::loadprofile() {
+ 
+     if(access(fname.c_str(), R_OK)) {
+       char sbuf[512];
+-      sprintf(sbuf, _("I do really enjoy the default AIM profile of centericq %s."), VERSION);
++      snprintf(sbuf, 512, _("I do really enjoy the default AIM profile of centericq %s."), VERSION);
++      sbuf[511] = '\0';
+       profile.info = sbuf;
+       saveprofile();
+     }
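Review bot: `NOTIFBUF` is defined at the top of aimhook.cc but the loadprofile change never uses it. The bound and the terminator index are the literals `512` and `511`, which must be kept in step with `char sbuf[512]` by hand. `snprintf(sbuf, sizeof(sbuf), ...)` followed by `sbuf[sizeof(sbuf)-1] = '\0';` removes both literals, and the unused `#define` can then be dropped. This patch file also has no `Part of a fix for CVE-2007-3713.` line in its header, unlike patch-au and patch-ax. loadprofile's body starts and ends outside the inner hunk.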
diff -r 4422c1a36fb7 -r 2aa1b6360f29 chat/centericq/patches/patch-ax
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/chat/centericq/patches/patch-ax   Thu Jul 19 00:43:40 2007 +0000
@@ -0,0 +1,194 @@
+$NetBSD: patch-ax,v 1.1 2007/07/19 00:43:42 lkundrak Exp $
+
+Part of a fix for CVE-2007-3713.
+
+--- src/hooks/irchook.cc.orig  2007-07-19 02:24:38.000000000 +0200
++++ src/hooks/irchook.cc
+@@ -35,6 +35,8 @@
+ 
+ #include <iterator>
+ 
++#define NOTIFBUF 512
++
+ // ----------------------------------------------------------------------------
+ 
+ irchook irhook;
+@@ -609,11 +611,12 @@ void irchook::rawcommand(const string &c
+ 
+ void irchook::channelfatal(string room, const char *fmt, ...) {
+     va_list ap;
+-    char buf[1024];
++    char buf[NOTIFBUF];
+     vector<channelInfo>::iterator i;
+ 
+     va_start(ap, fmt);
+-    vsprintf(buf, fmt, ap);
++    vsnprintf(buf, NOTIFBUF, fmt, ap);
++    buf[NOTIFBUF-1] = '\0';
+     va_end(ap);
+ 
+     if(room.substr(0, 1) != "#")
+@@ -1196,7 +1199,7 @@ void irchook::errorhandler(void *connect
+ void irchook::nickchanged(void *connection, void *cli, ...) {
+     va_list ap;
+     icqcontact *c;
+-    char buf[100];
++    char buf[NOTIFBUF];
+ 
+     va_start(ap, cli);
+     char *oldnick = va_arg(ap, char *);
+@@ -1218,7 +1221,8 @@ void irchook::nickchanged(void *connecti
+ 
+           }
+ 
+-          sprintf(buf, _("The user has changed their nick from %s to %s"), oldnick, newnick);
++          snprintf(buf, NOTIFBUF, _("The user has changed their nick from %s to %s"), oldnick, newnick);
++          buf[NOTIFBUF-1] = '\0';
+           em.store(imnotification(c, buf));
+       }
+     }
+@@ -1254,18 +1258,20 @@ const char * const command, const char *
+ 
+ void irchook::subreply(void *conn, void *cli, const char * const nick,
+ const char * const command, const char * const args) {
+-    char buf[512];
++    char buf[NOTIFBUF];
+ 
+     if(!strcmp(command, "PING")) {
+       map<string, time_t>::iterator i = irhook.pingtime.find(up(nick));
+ 
+       if(i != irhook.pingtime.end()) {
+-          sprintf(buf, _("PING reply from the user: %d second(s)"), time(0)-i->second);
++          snprintf(buf, NOTIFBUF, _("PING reply from the user: %d second(s)"), time(0)-i->second);
++          buf[NOTIFBUF-1] = '\0';
+           em.store(imnotification(imcontact(nick, irc), buf));
+       }
+ 
+     } else if(!strcmp(command, "VERSION")) {
+-      sprintf(buf, _("The remote is using %s"), args);
++      snprintf(buf, NOTIFBUF, _("The remote is using %s"), args);
++      buf[NOTIFBUF-1] = '\0';
+       em.store(imnotification(imcontact(nick, irc), buf));
+ 
+     }
+@@ -1378,8 +1384,9 @@ void irchook::chatuserjoined(void *conn,
+       if(strlen(email))
+           uname += (string) " (" + email + ")";
+ 
+-      char buf[512];
+-      sprintf(buf, _("%s has joined."), uname.c_str());
++      char buf[NOTIFBUF];
++      snprintf(buf, NOTIFBUF, _("%s has joined."), uname.c_str());
++      buf[NOTIFBUF-1] = '\0';
+       em.store(imnotification(imcontact(room, irc), buf));
+     }
+ }
+@@ -1395,14 +1402,16 @@ void irchook::chatuserleft(void *conn, v
+ 
+     if(conf.getourid(irc).nickname != who) {
+       string text;
+-      char buf[512];
++      char buf[NOTIFBUF];
+ 
+-      sprintf(buf, _("%s has left"), who); text = buf;
++      snprintf(buf, NOTIFBUF, _("%s has left"), who); text = buf;
++        buf[NOTIFBUF-1] = '\0';
+ 
+       if(reason)
+       if(strlen(reason)) {
+           if(strlen(reason) > 450) reason[450] = 0;
+-          sprintf(buf, _("reason: %s"), reason);
++          snprintf(buf, NOTIFBUF, _("reason: %s"), reason);
++          buf[NOTIFBUF-1] = '\0';
+           text += (string) "; " + buf + ".";
+       }
+ 
+@@ -1422,13 +1431,15 @@ void irchook::chatuserkicked(void *conn,
+ 
+     if(conf.getourid(irc).nickname != who) {
+       string text;
+-      char buf[512];
++      char buf[NOTIFBUF];
+ 
+-      sprintf(buf, _("%s has been kicked by %s"), who, by); text = buf;
++      snprintf(buf, NOTIFBUF, _("%s has been kicked by %s"), who, by); text = buf;
++      buf[NOTIFBUF-1] = '\0';
+ 
+       if(reason)
+       if(strlen(reason)) {
+-          sprintf(buf, _("reason: %s"), reason);
++          snprintf(buf, NOTIFBUF, _("reason: %s"), reason);
++          buf[NOTIFBUF-1] = '\0';
+           text += (string) "; " + buf + ".";
+       }
+ 
+@@ -1451,13 +1462,15 @@ void irchook::chatgottopic(void *conn, v
+       return;
+ 
+     string text;
+-    char buf[1024];
+-    sprintf(buf, _("Channel topic now is: %s"), topic);
++    char buf[NOTIFBUF];
++    snprintf(buf, NOTIFBUF, _("Channel topic now is: %s"), topic);
++    buf[NOTIFBUF-1] = '\0';
+     text = buf;
+ 
+     if(author)
+     if(strlen(author)) {
+-      sprintf(buf, _("set by %s"), author);
++      snprintf(buf, NOTIFBUF, _("set by %s"), author);
++      buf[NOTIFBUF-1] = '\0';
+       text += (string) "; " + buf + ".";
+     }
+ 
+@@ -1474,8 +1487,9 @@ void irchook::chatuseropped(void *conn, 
+     va_end(ap);
+ 
+     if(by) {


