From tilman@arved.de  Fri Sep 27 13:55:11 2002
Return-Path: <tilman@arved.de>
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id A652C37B401
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 27 Sep 2002 13:55:11 -0700 (PDT)
Received: from 21322530218.direct.eti.at (21322530218.direct.eti.at [213.225.30.218])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 7AEC943E7B
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 27 Sep 2002 13:55:10 -0700 (PDT)
	(envelope-from tilman@arved.de)
Received: from sauna.arved.de (sauna.arved.de [192.168.2.4])
	by 21322530218.direct.eti.at (8.12.5/8.12.5) with ESMTP id g8RL0aW9091402
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 27 Sep 2002 23:00:36 +0200 (CEST)
	(envelope-from tilman@arved.de)
Received: from sauna.arved.de (sauna.arved.de [127.0.0.1])
	by sauna.arved.de (8.12.5/8.12.5) with ESMTP id g8RKtCsi002500;
	Fri, 27 Sep 2002 22:55:12 +0200 (CEST)
	(envelope-from tilman@sauna.arved.de)
Received: (from tilman@localhost)
	by sauna.arved.de (8.12.5/8.12.5/Submit) id g8RKtBhx002499;
	Fri, 27 Sep 2002 22:55:11 +0200 (CEST)
Message-Id: <200209272055.g8RKtBhx002499@sauna.arved.de>
Date: Fri, 27 Sep 2002 22:55:11 +0200 (CEST)
From: Tilman Linneweh <tilman@arved.de>
Reply-To: Tilman Linneweh <tilman@arved.de>
To: FreeBSD-gnats-submit@freebsd.org
Cc: tilman@arved.de
Subject: Update port irc/ezbounce Security Fix
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         43437
>Category:       ports
>Synopsis:       Update port irc/ezbounce Security Fix
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    arved
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Fri Sep 27 14:00:13 PDT 2002
>Closed-Date:    Mon Nov 18 15:23:04 PST 2002
>Last-Modified:  Mon Nov 18 15:23:04 PST 2002
>Originator:     Tilman Linneweh
>Release:        FreeBSD 4.6-STABLE i386
>Organization:
BSD Usergroup Austria
>Environment:
System: FreeBSD sauna.arved.de 4.6-STABLE FreeBSD 4.6-STABLE #0: Sun Jul 7 20:02:41 CEST 2002 tilman@sauna.arved.de:/usr/obj/usr/src/sys/SAUNA i386


	
>Description:
From ezbounce's Homepage:

July 21, 2002

Security update: patch against 1.02

A small problem exists in 1.02 that can be exploited remotely. It is an "off-by-two" error that can be exploited ONLY by users with admin privileges. Specifically, it is caused by an incorrect usage of strncat() in the "DIE" command handler. Therefore, it is not a serious security hole, but the patch is available for those uber-serious about their system safety. 
	
>How-To-Repeat:
	
>Fix:

	

--- ezbounce.diff begins here ---
Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/irc/ezbounce/Makefile,v
retrieving revision 1.21
diff -u -r1.21 Makefile
--- Makefile	5 Jul 2002 03:07:59 -0000	1.21
+++ Makefile	27 Sep 2002 20:51:20 -0000
@@ -7,6 +7,7 @@
 
 PORTNAME=	ezbounce
 PORTVERSION=	1.02
+PORTREVISION=	1
 CATEGORIES=	irc
 MASTER_SITES=  	http://druglord.freelsd.org/ezbounce/
 
Index: files/patch-src-server.cpp
===================================================================
RCS file: files/patch-src-server.cpp
diff -N files/patch-src-server.cpp
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ files/patch-src-server.cpp	27 Sep 2002 20:50:30 -0000
@@ -0,0 +1,20 @@
+--- src/server.cpp	Sun May  5 17:53:00 2002
++++ src/server.cpp	Mon Jul 22 04:27:26 2002
+@@ -204,7 +204,7 @@
+     if (now)
+     {
+         strcpy(buff, "Server terminating: ");
+-        strncat(buff, reason, (sizeof buff) - strlen(buff) + 1);
++        strncat(buff, reason, (sizeof buff) - (strlen(buff) + 1));
+         conn::broadcast(&conns,buff);
+         ircproxy_save_prefs(users, pcfg.userfile);
+         kill_conns();
+@@ -213,7 +213,7 @@
+     }
+     terminate_request = 1;
+     strcpy(buff, "Terminate request: ");
+-    strncat(buff, reason, (sizeof buff) - strlen(buff) + 1);
++    strncat(buff, reason, (sizeof buff) - (strlen(buff) + 1));
+     conn::broadcast(&conns,buff);
+     ircproxy_save_prefs(users, pcfg.userfile);
+     return 1;
--- ezbounce.diff ends here ---


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports->arved 
Responsible-Changed-By: obraun 
Responsible-Changed-When: Sat Oct 19 15:01:31 PDT 2002 
Responsible-Changed-Why:  
Submitter is committer now. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=43437 
State-Changed-From-To: open->closed 
State-Changed-By: arved 
State-Changed-When: Mon Nov 18 15:22:52 PST 2002 
State-Changed-Why:  
Committed thanks 

http://www.freebsd.org/cgi/query-pr.cgi?pr=43437 
>Unformatted:
