[IRCServices] ircservices-4.4.7 Bugs

&quot &quot
Sun Sep 10 01:56:57 PDT 2000


Fooey,

> 4.4.7 has reintroduced the memory allocation bug in do_sjoin.
>
> c = smalloc(sizeof(*channel)) should be c = smalloc(sizeof(*c))

Fixed.

> -Also in do_sjoin: The last do_cmode in the function should have a first
> param of av[2] not av[0].

Fixed.

> -In addition, I believe that in config.c the type for DefSessionLimit
> should be PARAM_INT and not PARAM_POSINT if the attempt (as per
> the Changes
> file) is to allow a limit of zero.

Already fixed in 4.5 - backported to 4.4.8.

> -do_deop reports deop's in the same manner that do_op did.
> Hence, the same
> buffer overflow that existed in do_op still seems to be around in do_deop.

Oh crap, how on earth did I miss this. Fixed. :)

On this note, please can buffer overflows, and other sensitive bugs, be
reported directly to me rather than the list - so that I can have a fix done
before the entire world of unethical users become aware of them. Sometimes
I'm not able to get a fix out immediately, leaving many networks
unprotected.

Thanks, Andrew


---------------------------------------------------------------
To unsubscribe, send email to majordomo at ender.shadowfire.org
with "unsubscribe ircservices" in the body, without the quotes.