thr3ads.net - Secure testing team - [Secure-testing-team] Bug#567193: include patch from DSA to fix integer underflow [Jan 2010]

If this information is useful, please help other people find it:
Share via:

Twitter
Facebook
Email

Steffen Joeris

2010-Jan-27 20:52 UTC

[Secure-testing-team] Bug#567193: include patch from DSA to fix integer underflow

Package: oftc-hybrid
Severity: grave
Tags: security patch

Hi

Please include the patch from DSA-1980-1, which fixes an integer
underflow (patch attached).

Cheers
Steffen
-------------- next part --------------
--- ircd-hybrid-7.2.2.dfsg.2.orig/src/irc_string.c
+++ ircd-hybrid-7.2.2.dfsg.2/src/irc_string.c
@@ -103,7 +103,9 @@
     }
     else
       *d++ = *src;
-    ++src, --len;
+    if (len > 0) {
+    	++src, --len;
+    }
   }
   *d = ''\0'';
   return dest;

Secure testing team - Jan 2010 - Bug#567193: include patch from DSA to fix integer underflow

[Secure-testing-team] Bug#567193: include patch from DSA to fix integer underflow