rpms/ircd-ratbox/F-13 ircd-ratbox-2.2.8-cache_c.patch, NONE, 1.1 import.log, 1.1, 1.2 ircd-ratbox.spec, 1.6, 1.7

Sat May 29 06:23:20 UTC 2010

Author: rakesh

Update of /cvs/pkgs/rpms/ircd-ratbox/F-13
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv6761/F-13

Modified Files:
	import.log ircd-ratbox.spec 
Added Files:
	ircd-ratbox-2.2.8-cache_c.patch 
Log Message:
BZ Bug 559383 - CVE-2009-4016 CVE-2010-0300 ircd-{hybrid,ratbox}: multiple vulnerabilities


ircd-ratbox-2.2.8-cache_c.patch:
 cache.c |   26 ++++++++++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)

--- NEW FILE ircd-ratbox-2.2.8-cache_c.patch ---
--- ircd-ratbox-2.2.8.org/src/cache.c	2010-05-29 10:48:23.955553862 +0530
+++ ircd-ratbox-2.2.8/src/cache.c	2010-05-29 11:13:28.903431678 +0530
@@ -79,11 +79,25 @@
 	struct cachefile *cacheptr;
 	struct cacheline *lineptr;
 	char line[BUFSIZE];
+	struct stat st;
 	char *p;
 
 	if((in = fopen(filename, "r")) == NULL)
 		return NULL;
 
+        /* check and make sure we have something that is a file... */
+	if(fstat(fileno(in), &st) == -1)
+	{
+		fclose(in);
+		return NULL;
+	}    
+
+	if(!S_ISREG(st.st_mode))
+	{
+		fclose(in);
+		return NULL;
+	}
+
 	if(strcmp(shortname, "ircd.motd") == 0)
 	{
 		struct stat sb;
@@ -122,6 +136,12 @@
 		dlinkAddTail(lineptr, &lineptr->linenode, &cacheptr->contents);
 	}
 
+	if((&cacheptr->contents)->length == 0)
+	{
+		free(cacheptr);
+		cacheptr = NULL;
+	}
+
 	fclose(in);
 	return cacheptr;
 }
@@ -214,7 +234,8 @@
 	{
 		ircsnprintf(filename, sizeof(filename), "%s/%s", HPATH, ldirent->d_name);
 		cacheptr = cache_file(filename, ldirent->d_name, HELP_OPER);
-		add_to_help_hash(cacheptr->name, cacheptr);
+		if(cacheptr != NULL)
+			add_to_help_hash(cacheptr->name, cacheptr);
 	}
 
 	closedir(helpfile_dir);
@@ -247,7 +268,8 @@
 #endif
 
 		cacheptr = cache_file(filename, ldirent->d_name, HELP_USER);
-		add_to_help_hash(cacheptr->name, cacheptr);
+		if(cacheptr != NULL)
+			add_to_help_hash(cacheptr->name, cacheptr);
 	}
 
 	closedir(helpfile_dir);


Index: import.log
===================================================================
RCS file: /cvs/pkgs/rpms/ircd-ratbox/F-13/import.log,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- import.log	31 Aug 2008 15:04:07 -0000	1.1
+++ import.log	29 May 2010 06:23:19 -0000	1.2
@@ -1 +1,2 @@
 ircd-ratbox-2_2_8-1_fc8:HEAD:ircd-ratbox-2.2.8-1.fc8.src.rpm:1220194996
+ircd-ratbox-2_2_8-7_fc12:F-13:ircd-ratbox-2.2.8-7.fc12.src.rpm:1275113474


Index: ircd-ratbox.spec
===================================================================
RCS file: /cvs/pkgs/rpms/ircd-ratbox/F-13/ircd-ratbox.spec,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -p -r1.6 -r1.7
--- ircd-ratbox.spec	21 Aug 2009 14:00:34 -0000	1.6
+++ ircd-ratbox.spec	29 May 2010 06:23:20 -0000	1.7
@@ -2,7 +2,7 @@
 
 Name:		ircd-ratbox
 Version:	2.2.8
-Release:	6%{?dist}
+Release:	7%{?dist}
 Summary:	Ircd-ratbox is an advanced, stable and fast ircd	
 
 License:	GPLv2
@@ -23,6 +23,7 @@ Source2:	ircd.sysconfig
 Source3:	ircd.fedora.conf
 Source4:	ircd.logrotate
 Patch0:		ircd-ratbox-2.2.8-offbyone.patch
+Patch1:		ircd-ratbox-2.2.8-cache_c.patch
 
 %description
 ircd-ratbox is an advanced, stable, fast ircd. It is an evolution where
@@ -40,6 +41,7 @@ Ircd-mkpasswd is a password hash generat
 %prep
 %setup -q 
 %patch0 -p1 -b .offbyone
+%patch1 -p1 -b .cache_c
 
 %{__sed} -i													\
 	-e 's|#servlink_path = "/usr/local/ircd/bin/servlink";|servlink_path = "%{_bindir}/servlink";|'		\
@@ -128,6 +130,9 @@ fi
 %{_bindir}/ircd-mkpasswd
 
 %changelog
+* Sat May 29 2010 Rakesh Pandit <rakesh at fedoraproject.org> - 2.2.9-7
+- BZ Bug 559383 - CVE-2009-4016 CVE-2010-0300 ircd-{hybrid,ratbox}: multiple vulnerabilities
+
 * Fri Aug 21 2009 Tomas Mraz <tmraz at redhat.com> - 2.2.8-6
 - rebuilt with new openssl
 

