From 65c888b5ab3fb4fd10240da09706b60fcc32cb61 Mon Sep 17 00:00:00 2001
From: Kobi Shmueli
Date: Wed, 28 Nov 2018 21:10:48 +0200
Subject: [PATCH 1/2] Fix a security bug on readwrite_client() that could lead to server crashes by SSL users
---
 src/s_bsd.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/src/s_bsd.c b/src/s_bsd.c
index 4d65305c..96f0d292 100644
--- a/src/s_bsd.c
+++ b/src/s_bsd.c
@@ -1750,7 +1750,11 @@ int readwrite_client(aClient *cptr, int isread, int iswrite)
 if(cptr->ssl && IsSSL(cptr) && !SSL_is_init_finished(cptr->ssl))
 {
 if(IsDead(cptr) || !safe_ssl_accept(cptr, cptr->fd))
+ {
+ if(IsClient(cptr))
+ return exit_client(cptr, cptr, &me, iswrite?"Write Error: SSL Bug #7845":"Read Error: SSL Bug #7845");
 close_connection(cptr);
+ }
 return 1;
 }
 #endif
From cd689761320190c8a16e7029b50a81e1c00e1280 Mon Sep 17 00:00:00 2001
From: Kobi Shmueli
Date: Wed, 28 Nov 2018 21:11:35 +0200
Subject: [PATCH 2/2] Update CHANGES and patchlevel. This is 2.1.4.
---
 CHANGES | 19 +++++++++++++++++++
 include/patchlevel.h | 2 +-
 2 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/CHANGES b/CHANGES
index 95baf04c..bdb00877 100644
--- a/CHANGES
+++ b/CHANGES
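Review bot: In src/s_bsd.c, the new `if(IsClient(cptr))` branch in the failed-handshake path of readwrite_client() has no comment saying why a registered client must leave through `exit_client()`, while every other connection state still gets the bare `close_connection(cptr)` followed by `return 1`. The quit text "SSL Bug #7845" does not explain it either. A line above the `if` such as `/* a registered client must be removed with exit_client(); close_connection() alone here could crash the server */` would record the reasoning given in the commit subject. Two things are worth confirming: that no other registered state (for example a server link, if those can run over SSL) can reach the unchanged `close_connection(cptr)` path, and that callers handle the value `exit_client()` returns here in place of 1. The body of readwrite_client() begins and ends outside the hunk, so neither can be checked from these lines.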
@@ -1,3 +1,22 @@
+Changes for 2.1.4:
+------------------
+- typo fix (cptr --> sptr) that could lead to server crashes in some cases
+- Duplicate USER_VERBOSE and OPER_VERBOSE xflags into USER_VERBOSEV2 and OPER_VERBOSEV2
+ (this will make it easier for us to enable them on upgraded servers without affecting non-upgraded servers).
+- Don't accept too long hostnames from WEBIRC
+- Don't allow WEBIRC to use 0.0.0.*, 127.0.0.* or Staff_Address
+- Don't allow WEBIRC to use DEFAULT_STAFF_ADDRESS either
+- Make sure the host on WEBIRC will have at least one dot
+- Allow WEBIRC hosts to have a semicolon too (for IPv6 IP addresses)
+
+Changes for 2.1.3 (private release):
+------------------------------------
+- Optimize sendto_channel_butone() and sendto_channel_butlocal() functions
+- More sanity checks (just to be on the safe side...)
+- Fix SVSXCF calls with no channel name on send_topic_burst()
+- Cosmetic change (clarify what umode +y does)
+- Fix a security bug on readwrite_client() that could lead to server crashes by SSL users
+
 Changes for 2.1.2:
 ------------------
 - Increase the umode buffer on register_user() to prevent a possible
diff --git a/include/patchlevel.h b/include/patchlevel.h
index 7602c24e..7da49565 100644
--- a/include/patchlevel.h
+++ b/include/patchlevel.h
@@ -22,7 +22,7 @@
 #define BASENAME "bahamut"
 #define MAJOR 2
 #define MINOR 1
-#define PATCH 2
+#define PATCH 4
 #define PATCHES ""