Fix a buffer overflow in the DNS resolution code. A buffer overflow

within the resolver code makes it possible to overwrite stack
variables by generating a malformed DNS packet. This problem makes
it possible to create a situation where a malicious user may be
able to execute code remotely with the UID and GID of the BitchX
client. It is necessary for an attacker to control their own DNS
to exploit this bug.

net/bitchx/Makefile

@@ -1,11 +1,11 @@
-# $OpenBSD: Makefile,v 1.29 2000/09/24 07:04:10 brad Exp $
+# $OpenBSD: Makefile,v 1.30 2000/12/13 14:37:08 brad Exp $
 # $FreeBSD: Makefile,v 1.3 1998/07/21 11:38:44 eivind Exp $
 
 VERSION=	1.0c17
 DISTNAME=	BitchX-${VERSION}
-PKGNAME=	bitchx-${VERSION}
+PKGNAME=	bitchx-${VERSION}p1
 CATEGORIES=	net
-NEED_VERSION=	1.330
+NEED_VERSION=	1.336
 MASTER_SITES=	ftp://ftp.bitchx.com/pub/BitchX/source/ \
 		ftp://ftp.bitchx.org/pub/BitchX/source/ \
 		ftp://bitchx.dimension6.com/pub/BitchX/source/

net/bitchx/patches/patch-source_misc.c

@@ -0,0 +1,22 @@
+--- source/misc.c.orig	Tue Dec 12 17:05:45 2000
++++ source/misc.c	Tue Dec 12 17:07:24 2000
+@@ -2641,6 +2641,11 @@
+ 		switch(type)
+ 		{
+ 		case T_A :
++			if (dlen != sizeof(struct in_addr))
++			{
++				cp += dlen;
++				break;
++			}
+ 			rptr->re_he.h_length = dlen;
+ 			if (ans == 1)
+ 				rptr->re_he.h_addrtype=(class == C_IN) ?
+@@ -2687,6 +2692,7 @@
+ 			*alias = NULL;
+ 			break;
+ 		default :
++			cp += dlen;
+ 			break;
+ 		}
+ 	}

net/bitchx/pkg/SECURITY

@@ -0,0 +1,11 @@
+$OpenBSD: SECURITY,v 1.1 2000/12/13 14:37:08 brad Exp $
+
+patches/patch-source_misc.c
+${WRKSRC}/source/misc.c
+	Fix a buffer overflow in the DNS resolution code. A buffer overflow
+	within the resolver code makes it possible to overwrite stack
+	variables by generating a malformed DNS packet. This problem makes
+	it possible to create a situation where a malicious user may be
+	able to execute code remotely with the UID and GID of the BitchX
+	client. It is necessary for an attacker to control their own DNS 
+	to exploit this bug.