diff options
Diffstat (limited to 'network/rhapsody/securityfix.diff')
| -rw-r--r-- | network/rhapsody/securityfix.diff | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/network/rhapsody/securityfix.diff b/network/rhapsody/securityfix.diff new file mode 100644 index 0000000000..bb9db0d646 --- /dev/null +++ b/network/rhapsody/securityfix.diff @@ -0,0 +1,54 @@ +diff -Naur rhapsody-0.28b/src/dcc.c rhapsody-0.28b.patched/src/dcc.c +--- rhapsody-0.28b/src/dcc.c 2006-02-24 01:46:19.000000000 -0500 ++++ rhapsody-0.28b.patched/src/dcc.c 2021-09-16 15:46:52.830186229 -0400 +@@ -702,7 +702,11 @@ + FILE *fp; + int fd; + +- sprintf(filepath, "%s/%s", configuration.dccdlpath, filename); ++ if(strchr(filename, "/")) { ++ vprint_all_attrib(ERROR_COLOR, "DCC File: Filename %s has directory separators, not allowed\n", filename); ++ } ++ ++ snprintf(filepath, 1023, "%s/%s", configuration.dccdlpath, filename); + + /* check if the file exists, and if it does, append a timestamp extension */ + fp = fopen(filepath, "rb"); +@@ -710,13 +714,13 @@ + if (fp != NULL && configuration.dccduplicates == 1){ + ct = time(NULL); + t = localtime(&ct); +- sprintf(filestamp, "%s.%04d%02d%02d%02d%02d%02d", filename, t->tm_year + 1900, t->tm_mon, t->tm_mday, t->tm_hour, t->tm_min, t->tm_sec); ++ snprintf(filestamp, 1023, "%s.%04d%02d%02d%02d%02d%02d", filename, t->tm_year + 1900, t->tm_mon, t->tm_mday, t->tm_hour, t->tm_min, t->tm_sec); + vprint_all_attrib(DCC_COLOR, "DCC file %s exists, saving as %s\n", filename, filestamp); +- sprintf(filepath, "%s/%s", configuration.dccdlpath, filestamp); ++ snprintf(filepath, 1023, "%s/%s", configuration.dccdlpath, filestamp); + fclose(fp); + strcpy(filenamex, filestamp); + } +- else strcpy(filenamex, filename); ++ else strncpy(filenamex, filename, 1023); + + //fp = fopen(filepath, "wb"); + //if (fp == NULL){ +diff -Naur rhapsody-0.28b/src/screen.c rhapsody-0.28b.patched/src/screen.c +--- rhapsody-0.28b/src/screen.c 2006-02-24 01:46:19.000000000 -0500 ++++ rhapsody-0.28b.patched/src/screen.c 2021-09-16 15:39:03.142240866 -0400 +@@ -2294,7 +2294,7 @@ + void add_input_buffer(inputwin *I, int value){ + char scratch[MAXDATASIZE]; + +- if (I->cursorpos < MAXDATASIZE){ ++ if (I->cursorpos < MAXDATASIZE - 1){ + strcpy(scratch, &(I->inputbuffer)[I->cursorpos]); + (I->inputbuffer)[I->cursorpos] = value; + strcpy(&(I->inputbuffer)[I->cursorpos+1], scratch); +@@ -2306,7 +2306,7 @@ + void append_input_buffer(inputwin *I, char *string){ + char scratch[MAXDATASIZE]; + +- if (I->cursorpos + strlen(string) < MAXDATASIZE){ ++ if (I->cursorpos + strlen(string) < MAXDATASIZE - 1){ + strcpy(scratch, &(I->inputbuffer)[I->cursorpos]); + strcpy(&(I->inputbuffer)[I->cursorpos], string); + strcpy(&(I->inputbuffer)[I->cursorpos + strlen(string)], scratch); |