[ SOURCE: http://www.secureroot.com/security/advisories/9768309590.html ]

listed are two bugs in the BitchX irc client. a possible stack overflow condition exists if a malformed DNS answer is processed by the client. a second bug allows this malformed DNS record to be embedded in a valid DNS packet. without the second bug the malformed DNS record wouldn't be processed "correctly."

this patch is derived from the BitchX-1.0c17 source tree, but is relevant to previous versions:

*** BitchX/source/misc.c.orig Thu Dec 7 01:33:11 2000 --- BitchX/source/misc.c Thu Dec 7 01:42:38 2000 *************** *** 2643,2648 **** --- 2643,2653 ---- switch(type) { case T_A : + if (dlen != sizeof(struct in_addr)) + { + cp += dlen; + break; + } rptr->re_he.h_length = dlen; if (ans == 1) rptr->re_he.h_addrtype=(class == C_IN) ? *************** *** 2689,2694 **** --- 2694,2700 ---- *alias = NULL; break; default : + cp += dlen; break; } }
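Review bot: in the `case T_A` hunk the new reject path does `cp += dlen` with a `dlen` that has just failed the size check, and nothing in the visible lines confirms that `cp + dlen` still lies inside the received answer. Check the advance against the end of the reply buffer first and abandon the parse if it does not fit. With the guard in place, `rptr->re_he.h_length = dlen;` could be written as `sizeof(struct in_addr)` so the invariant is explicit, and a short comment on the guard saying why wrong-sized A records are dropped would help later readers.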
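Review bot: in the `default :` hunk the rdata skip is now written out a second time (here and in the new `T_A` reject path), so a case that exits early or is added later can still leave `cp` pointing into unconsumed rdata. Consider computing the next record position once before `switch(type)` and assigning `cp` from it after the switch, so the skip no longer depends on each case. A comment on `cp += dlen;` stating that unhandled record types must still be consumed would document the intent.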
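The two checks the patch introduces (accept an A record only when its data length is exactly one IPv4 address, and always step over the rdata of every record type), shown as an added stand-alone example that is not BitchX code. The function names, the constructed sample bytes, and the extra rule that a record running past the end of the packet aborts the parse are assumptions of this example.

```c
#include <stddef.h>
#include <string.h>

#define T_A  1   /* RFC 1035 record type A   */
#define C_IN 1   /* RFC 1035 class IN        */

/* Constructed sample: answer section only (no header or question).
 * Valid A, oversized A (8 bytes of rdata), TXT, valid A. */
const unsigned char SAMPLE_RRS[] = {
    0xC0,0x0C, 0,1,  0,1, 0,0,0,60, 0,4, 192,0,2,1,
    0xC0,0x0C, 0,1,  0,1, 0,0,0,60, 0,8, 'A','A','A','A','A','A','A','A',
    0xC0,0x0C, 0,16, 0,1, 0,0,0,60, 0,3, 2,'h','i',
    0xC0,0x0C, 0,1,  0,1, 0,0,0,60, 0,4, 192,0,2,2,
};

/* Skip an owner name (labels or a compression pointer); 0 on error. */
static size_t skip_name(const unsigned char *msg, size_t len, size_t off)
{
    while (off < len) {
        unsigned char l = msg[off];
        if (l == 0) return off + 1;                 /* root label */
        if ((l & 0xC0) == 0xC0) return off + 2 <= len ? off + 2 : 0;
        if (l & 0xC0) return 0;                     /* reserved label type */
        off += 1 + (size_t)l;
    }
    return 0;
}

/* Walk `count` records from `off`, copying at most `max` IPv4 addresses
 * into `out`. Returns the number copied, or -1 if a record is truncated. */
int collect_a_records(const unsigned char *msg, size_t len, size_t off,
                      int count, unsigned char out[][4], int max)
{
    int found = 0;
    while (count-- > 0) {
        off = skip_name(msg, len, off);
        if (off == 0 || len - off < 10)   /* type, class, ttl, rdlength */
            return -1;
        unsigned type   = (msg[off] << 8) | msg[off + 1];
        unsigned rclass = (msg[off + 2] << 8) | msg[off + 3];
        size_t   dlen   = ((size_t)msg[off + 8] << 8) | msg[off + 9];
        off += 10;
        if (dlen > len - off)             /* rdata must fit in the packet */
            return -1;
        if (type == T_A && rclass == C_IN && dlen == 4 && found < max)
            memcpy(out[found++], msg + off, 4);   /* fixed-size copy only */
        off += dlen;                      /* consume rdata for every type */
    }
    return found;
}
```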