Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/net-irc/bip/files/bip-CVE-2012-0806.patch
diff options
context:
space:
mode:
Diffstat (limited to 'net-irc/bip/files/bip-CVE-2012-0806.patch')
-rw-r--r--net-irc/bip/files/bip-CVE-2012-0806.patch121
1 files changed, 0 insertions, 121 deletions
diff --git a/net-irc/bip/files/bip-CVE-2012-0806.patch b/net-irc/bip/files/bip-CVE-2012-0806.patch
deleted file mode 100644
index 6ea26aead2bb..000000000000
--- a/net-irc/bip/files/bip-CVE-2012-0806.patch
+++ /dev/null
@@ -1,121 +0,0 @@
-commit 222a33cb84a2e52ad55a88900b7895bf9dd0262c
-Author: Pierre-Louis Bonicoli <pierre-louis.bonicoli@gmx.fr>
-Date: Sat Jan 7 11:41:02 2012 +0100
-
- Buffer Overflow: check against the implicit size of select() arrays
-
- Reported by Julien Tinnes (Fix #269)
- exit is called when the listening socket can not be created
-
-diff --git a/src/bip.c b/src/bip.c
-index d46ee2b..b4ac706 100644
---- a/src/bip.c
-+++ b/src/bip.c
-@@ -1311,7 +1311,7 @@ int main(int argc, char **argv)
- close(fd);
-
- bip.listener = listen_new(conf_ip, conf_port, conf_css);
-- if (!bip.listener)
-+ if (!bip.listener || bip.listener->connected == CONN_ERROR)
- fatal("Could not create listening socket");
-
- for (;;) {
-diff --git a/src/connection.c b/src/connection.c
-index 07ab431..5c4c24a 100644
---- a/src/connection.c
-+++ b/src/connection.c
-@@ -124,6 +124,18 @@ static void connect_trynext(connection_t *cn)
- continue;
- }
-
-+ if (cn->handle >= FD_SETSIZE) {
-+ mylog(LOG_WARN, "too many fd used, close socket %d",
-+ cn->handle);
-+
-+ if (close(cn->handle) == -1)
-+ mylog(LOG_WARN, "Error on socket close: %s",
-+ strerror(errno));
-+
-+ cn->handle = -1;
-+ break;
-+ }
-+
- socket_set_nonblock(cn->handle);
-
- if (cn->connecting_data->src) {
-@@ -789,13 +801,8 @@ list_t *wait_event(list_t *cn_list, int *msec, int *nc)
- /*
- * This shouldn't happen ! just in case...
- */
-- if (cn->handle < 0) {
-- mylog(LOG_WARN, "wait_event invalid socket %d",
-- cn->handle);
-- if (cn_is_connected(cn))
-- cn->connected = CONN_ERROR;
-- continue;
-- }
-+ if (cn->handle < 0 || cn->handle >= FD_SETSIZE)
-+ fatal("wait_event invalid socket %d", cn->handle);
-
- /* exceptions are OOB and disconnections */
- FD_SET(cn->handle, &fds_except);
-@@ -966,6 +973,18 @@ static void create_listening_socket(char *hostname, char *port,
- continue;
- }
-
-+ if (cn->handle >= FD_SETSIZE) {
-+ mylog(LOG_WARN, "too many fd used, close listening socket %d",
-+ cn->handle);
-+
-+ if (close(cn->handle) == -1)
-+ mylog(LOG_WARN, "Error on socket close: %s",
-+ strerror(errno));
-+
-+ cn->handle = -1;
-+ break;
-+ }
-+
- if (setsockopt(cn->handle, SOL_SOCKET, SO_REUSEADDR,
- (char *)&multi_client,
- sizeof(multi_client)) < 0) {
-@@ -1113,10 +1132,21 @@ connection_t *accept_new(connection_t *cn)
-
- mylog(LOG_DEBUG, "Trying to accept new client on %d", cn->handle);
- err = accept(cn->handle, &sa, &sa_len);
-+
- if (err < 0) {
-- mylog(LOG_ERROR, "accept failed: %s", strerror(errno));
-+ fatal("accept failed: %s", strerror(errno));
-+ }
-+
-+ if (err >= FD_SETSIZE) {
-+ mylog(LOG_WARN, "too many client connected, close %d", err);
-+
-+ if (close(err) == -1)
-+ mylog(LOG_WARN, "Error on socket close: %s",
-+ strerror(errno));
-+
- return NULL;
- }
-+
- socket_set_nonblock(err);
-
- conn = connection_init(cn->anti_flood, cn->ssl, cn->timeout, 0);
-diff --git a/src/irc.c b/src/irc.c
-index ebc1b34..147a315 100644
---- a/src/irc.c
-+++ b/src/irc.c
-@@ -2439,9 +2439,10 @@ void bip_on_event(bip_t *bip, connection_t *conn)
-
- if (conn == bip->listener) {
- struct link_client *n = irc_accept_new(conn);
-- assert(n);
-- list_add_last(&bip->conn_list, CONN(n));
-- list_add_last(&bip->connecting_client_list, n);
-+ if (n) {
-+ list_add_last(&bip->conn_list, CONN(n));
-+ list_add_last(&bip->connecting_client_list, n);
-+ }
- return;
- }
-