[ SOURCE: http://www.secureroot.com/security/advisories/9768309590.html ]

listed are two bugs in the BitchX irc client. a possible stack overflow

condition exists if a malformed DNS answer is processed by the client.

a second bug allows this malformed DNS record to be embedded in a valid

DNS packet. without the second bug the malformed DNS record wouldn't

be processed "correctly."



this patch is derived from the BitchX-1.0c17 source tree, but is relevent

to previous versions:



*** BitchX/source/misc.c.orig   Thu Dec  7 01:33:11 2000

--- BitchX/source/misc.c        Thu Dec  7 01:42:38 2000

***************

*** 2643,2648 ****

--- 2643,2653 ----

                switch(type)

                {

                case T_A :

+                       if (dlen != sizeof(struct in_addr))

+                       {

+                               cp += dlen;

+                               break;

+                       }

                        rptr->re_he.h_length = dlen;

                        if (ans == 1)

                                rptr->re_he.h_addrtype=(class == C_IN)

?

***************

*** 2689,2694 ****

--- 2694,2700 ----

                        *alias = NULL;

                        break;

                default :

+                       cp += dlen;

                        break;

                }

        }



__________________________________________________

FREE voicemail, email, and fax...all in one place.

Sign Up Now! http://www.onebox.com