summaryrefslogtreecommitdiff
path: root/network/rhapsody/securityfix.diff
diff options
context:
space:
mode:
Diffstat (limited to 'network/rhapsody/securityfix.diff')
-rw-r--r--network/rhapsody/securityfix.diff54
1 files changed, 54 insertions, 0 deletions
diff --git a/network/rhapsody/securityfix.diff b/network/rhapsody/securityfix.diff
new file mode 100644
index 0000000000..bb9db0d646
--- /dev/null
+++ b/network/rhapsody/securityfix.diff
@@ -0,0 +1,54 @@
+diff -Naur rhapsody-0.28b/src/dcc.c rhapsody-0.28b.patched/src/dcc.c
+--- rhapsody-0.28b/src/dcc.c 2006-02-24 01:46:19.000000000 -0500
++++ rhapsody-0.28b.patched/src/dcc.c 2021-09-16 15:46:52.830186229 -0400
+@@ -702,7 +702,11 @@
+ FILE *fp;
+ int fd;
+
+- sprintf(filepath, "%s/%s", configuration.dccdlpath, filename);
++ if(strchr(filename, "/")) {
++ vprint_all_attrib(ERROR_COLOR, "DCC File: Filename %s has directory separators, not allowed\n", filename);
++ }
++
++ snprintf(filepath, 1023, "%s/%s", configuration.dccdlpath, filename);
+
+ /* check if the file exists, and if it does, append a timestamp extension */
+ fp = fopen(filepath, "rb");
+@@ -710,13 +714,13 @@
+ if (fp != NULL && configuration.dccduplicates == 1){
+ ct = time(NULL);
+ t = localtime(&ct);
+- sprintf(filestamp, "%s.%04d%02d%02d%02d%02d%02d", filename, t->tm_year + 1900, t->tm_mon, t->tm_mday, t->tm_hour, t->tm_min, t->tm_sec);
++ snprintf(filestamp, 1023, "%s.%04d%02d%02d%02d%02d%02d", filename, t->tm_year + 1900, t->tm_mon, t->tm_mday, t->tm_hour, t->tm_min, t->tm_sec);
+ vprint_all_attrib(DCC_COLOR, "DCC file %s exists, saving as %s\n", filename, filestamp);
+- sprintf(filepath, "%s/%s", configuration.dccdlpath, filestamp);
++ snprintf(filepath, 1023, "%s/%s", configuration.dccdlpath, filestamp);
+ fclose(fp);
+ strcpy(filenamex, filestamp);
+ }
+- else strcpy(filenamex, filename);
++ else strncpy(filenamex, filename, 1023);
+
+ //fp = fopen(filepath, "wb");
+ //if (fp == NULL){
+diff -Naur rhapsody-0.28b/src/screen.c rhapsody-0.28b.patched/src/screen.c
+--- rhapsody-0.28b/src/screen.c 2006-02-24 01:46:19.000000000 -0500
++++ rhapsody-0.28b.patched/src/screen.c 2021-09-16 15:39:03.142240866 -0400
+@@ -2294,7 +2294,7 @@
+ void add_input_buffer(inputwin *I, int value){
+ char scratch[MAXDATASIZE];
+
+- if (I->cursorpos < MAXDATASIZE){
++ if (I->cursorpos < MAXDATASIZE - 1){
+ strcpy(scratch, &(I->inputbuffer)[I->cursorpos]);
+ (I->inputbuffer)[I->cursorpos] = value;
+ strcpy(&(I->inputbuffer)[I->cursorpos+1], scratch);
+@@ -2306,7 +2306,7 @@
+ void append_input_buffer(inputwin *I, char *string){
+ char scratch[MAXDATASIZE];
+
+- if (I->cursorpos + strlen(string) < MAXDATASIZE){
++ if (I->cursorpos + strlen(string) < MAXDATASIZE - 1){
+ strcpy(scratch, &(I->inputbuffer)[I->cursorpos]);
+ strcpy(&(I->inputbuffer)[I->cursorpos], string);
+ strcpy(&(I->inputbuffer)[I->cursorpos + strlen(string)], scratch);
generated by cgit v1.2.3 (git 2.26.2) at 2024-11-15 16:20:54 +0000