Title: Bugs in the BitchX irc client
Released by: nimrood
Date: 8th December 2000
listed are two bugs in the BitchX irc client. a possible stack overflow condition exists if a malformed DNS answer is processed by the client. a second bug allows this malformed DNS record to be embedded in a valid DNS packet. without the second bug the malformed DNS record wouldn't be processed "correctly."
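
The two conditions described above, shown as a defensive record walker. This is an added example, not BitchX code: `collect_a_records`, `sample` and the constants are hypothetical names, owner names are assumed to be 2-byte compression pointers, and the end-of-buffer checks go beyond what the advisory covers.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RR_T_A    1   /* DNS record type A */
#define RR_FIXED  10  /* type(2) class(2) ttl(4) rdlength(2) */
#define MAX_ADDRS 4

/* Constructed answer section: valid A, A with rdlength 8, unknown type 99, valid A. */
static const uint8_t sample[] = {
    0xC0,0x0C, 0,1,  0,1, 0,0,0,60, 0,4, 192,0,2,1,
    0xC0,0x0C, 0,1,  0,1, 0,0,0,60, 0,8, 65,65,65,65,65,65,65,65,
    0xC0,0x0C, 0,99, 0,1, 0,0,0,60, 0,3, 1,2,3,
    0xC0,0x0C, 0,1,  0,1, 0,0,0,60, 0,4, 198,51,100,7,
};

/* Walk records whose owner names are 2-byte compression pointers (a
 * simplification for this sketch). Returns the number of IPv4 addresses
 * stored in out, or -1 if a record runs past the end of the buffer. */
int collect_a_records(const uint8_t *buf, size_t len, uint8_t out[][4])
{
    const uint8_t *cp = buf, *eob = buf + len;
    int n = 0;

    while (cp < eob) {
        if ((size_t)(eob - cp) < 2 + RR_FIXED || (cp[0] & 0xC0) != 0xC0)
            return -1;                 /* truncated header or unsupported name */
        cp += 2;
        uint16_t type = (uint16_t)((cp[0] << 8) | cp[1]);
        uint16_t dlen = (uint16_t)((cp[8] << 8) | cp[9]);
        cp += RR_FIXED;
        if (dlen > (size_t)(eob - cp))
            return -1;                 /* rdata claims more bytes than received */
        if (type == RR_T_A && dlen == 4 && n < MAX_ADDRS)
            memcpy(out[n++], cp, 4);   /* fixed-size copy, never dlen bytes */
        cp += dlen;                    /* skip rdata for every type, known or not */
    }
    return n;
}

int main(void)
{
    uint8_t addrs[MAX_ADDRS][4];
    int n = collect_a_records(sample, sizeof sample, addrs);
    for (int i = 0; i < n; i++)
        printf("%u.%u.%u.%u\n", addrs[i][0], addrs[i][1], addrs[i][2], addrs[i][3]);
    return n < 0;
}
```
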



this patch is derived from the BitchX-1.0c17 source tree, but is relevant to previous versions:



*** BitchX/source/misc.c.orig   Thu Dec  7 01:33:11 2000

--- BitchX/source/misc.c        Thu Dec  7 01:42:38 2000

***************

*** 2643,2648 ****

--- 2643,2653 ----

                switch(type)

                {

                case T_A :

+                       if (dlen != sizeof(struct in_addr))

+                       {

+                               cp += dlen;

+                               break;

+                       }

                        rptr->re_he.h_length = dlen;

                        if (ans == 1)

                                rptr->re_he.h_addrtype=(class == C_IN)

?
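
Review bot: the new `T_A` guard skips a wrong-sized record with `cp += dlen`, but nothing in the visible lines checks that `dlen` bytes are actually left in the received answer, so the pointer can be moved past the end of the buffer by the same length field the guard distrusts. Compare against the end of the packet before skipping and stop parsing if the record does not fit. Since `dlen` is known to equal `sizeof(struct in_addr)` once the guard passes, `rptr->re_he.h_length = dlen;` could assign the constant directly, and a short comment saying this length check is what prevents the overflow described in the advisory would help the next reader.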

***************

*** 2689,2694 ****

--- 2694,2700 ----

                        *alias = NULL;

                        break;

                default :

+                       cp += dlen;

                        break;

                }

        }
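
Review bot: the `cp += dlen;` added under `default :` has no comment saying why an unhandled record type must still advance the pointer, and this appears to be the fix for the second bug in the advisory. State that the data of unknown record types is skipped so it is not read as the start of the next record. The same skip now appears here and in the `T_A` guard, so consider doing the advance in one shared place, together with a check that `cp` has not passed the end of the answer.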


