From 42f9b2489394181a278bf95ea3830d22bd5746f7 Mon Sep 17 00:00:00 2001 From: brad Date: Wed, 13 Dec 2000 14:37:08 +0000 Subject: [PATCH] Fix a buffer overflow in the DNS resolution code. A buffer overflow within the resolver code makes it possible to overwrite stack variables by generating a malformed DNS packet. This problem makes it possible to create a situation where a malicious user may be able to execute code remotely with the UID and GID of the BitchX client. It is necessary for an attacker to control their own DNS to exploit this bug. --- net/bitchx/Makefile | 6 +++--- net/bitchx/patches/patch-source_misc.c | 22 ++++++++++++++++++++++ net/bitchx/pkg/SECURITY | 11 +++++++++++ 3 files changed, 36 insertions(+), 3 deletions(-) create mode 100644 net/bitchx/patches/patch-source_misc.c create mode 100644 net/bitchx/pkg/SECURITY diff --git a/net/bitchx/Makefile b/net/bitchx/Makefile index 779be8fd1aa..a70cdef8840 100644 --- a/net/bitchx/Makefile +++ b/net/bitchx/Makefile @@ -1,11 +1,11 @@ -# $OpenBSD: Makefile,v 1.29 2000/09/24 07:04:10 brad Exp $ +# $OpenBSD: Makefile,v 1.30 2000/12/13 14:37:08 brad Exp $ # $FreeBSD: Makefile,v 1.3 1998/07/21 11:38:44 eivind Exp $ VERSION= 1.0c17 DISTNAME= BitchX-${VERSION} -PKGNAME= bitchx-${VERSION} +PKGNAME= bitchx-${VERSION}p1 CATEGORIES= net -NEED_VERSION= 1.330 +NEED_VERSION= 1.336 MASTER_SITES= ftp://ftp.bitchx.com/pub/BitchX/source/ \ ftp://ftp.bitchx.org/pub/BitchX/source/ \ ftp://bitchx.dimension6.com/pub/BitchX/source/ diff --git a/net/bitchx/patches/patch-source_misc.c b/net/bitchx/patches/patch-source_misc.c new file mode 100644 index 00000000000..388b6a63d14 --- /dev/null +++ b/net/bitchx/patches/patch-source_misc.c 
@@ -0,0 +1,22 @@ +--- source/misc.c.orig Tue Dec 12 17:05:45 2000 ++++ source/misc.c Tue Dec 12 17:07:24 2000 +@@ -2641,6 +2641,11 @@ + switch(type) + { + case T_A : ++ if (dlen != sizeof(struct in_addr)) ++ { ++ cp += dlen; ++ break; ++ } + rptr->re_he.h_length = dlen; + if (ans == 1) + rptr->re_he.h_addrtype=(class == C_IN) ? +@@ -2687,6 +2692,7 @@ + *alias = NULL; + break; + default : ++ cp += dlen; + break; + } + } diff --git a/net/bitchx/pkg/SECURITY b/net/bitchx/pkg/SECURITY new file mode 100644 index 00000000000..9b5eb30af78 --- /dev/null +++ b/net/bitchx/pkg/SECURITY @@ -0,0 +1,11 @@ +$OpenBSD: SECURITY,v 1.1 2000/12/13 14:37:08 brad Exp $ + +patches/patch-source_misc.c +${WRKSRC}/source/misc.c + Fix a buffer overflow in the DNS resolution code. A buffer overflow + within the resolver code makes it possible to overwrite stack + variables by generating a malformed DNS packet. This problem makes + it possible to create a situation where a malicious user may be + able to execute code remotely with the UID and GID of the BitchX + client. It is necessary for an attacker to control their own DNS + to exploit this bug.
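Review bot: NEED_VERSION moves from 1.330 to 1.336 in the net/bitchx/Makefile hunk, but the commit message gives no reason for the bump. If it is required by the new pkg/SECURITY file, say so in the log; otherwise it belongs in a separate commit so the security fix stays minimal. The PKGNAME change to bitchx-${VERSION}p1 is the part that matches the stated purpose.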
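Review bot: In the T_A case of source/misc.c (hunk at -2641), the new skip path runs `cp += dlen` with a dlen taken from the packet, and nothing in the visible lines checks that cp still points inside the received reply afterwards. Suggest comparing cp + dlen against the end of the message before advancing, and treating a failure as a malformed reply that ends parsing instead of breaking out to the next record. A one-line comment noting that dlen is stored in `rptr->re_he.h_length` would also explain why only sizeof(struct in_addr) is accepted.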
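Review bot: The `cp += dlen` added to the default case of source/misc.c (hunk at -2687) is a separate behaviour change that neither the commit message nor pkg/SECURITY mentions: record types the switch does not handle now advance cp, where before the case only did `break`. Suggest documenting it alongside the T_A check, and bounding dlen against the end of the reply here as well, since the visible lines add no such check.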
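Review bot: The new net/bitchx/pkg/SECURITY entry describes the overflow only in general terms and does not say which input the patch rejects. Suggest adding that A records whose data length differs from sizeof(struct in_addr) are now skipped, so someone auditing the port can match the entry to the check in patches/patch-source_misc.c.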