Re: BitchX - more on format bugs?

[christopher () SCHULTE ORG (Christopher Schulte)]

At 10:34 AM 7/3/00 -0500, Forever shall I be. wrote:
> Well, I've not seen this posted to bugtraq yet, so here goes... BitchX has
> fallen victim to the infamous format bug... All unpatched versions of
> BitchX are apparently vulnerable (patch follows)..

There is also a patch for BitchX-75p3:

Instructions:

cd BitchX/source
patch < /path/to/75p3-format.patch

It should apply cleanly.  Then recompile bx and restart your client.

--- parse.c.orig        Fri Feb 26 11:01:55 1999
+++ parse.c     Mon Jul  3 05:17:14 2000
@@ -1030,7 +1030,7 @@
                                 bitchsay("Press Ctrl-K to join %s (%s)",
invite_channel, ArgList[2]);
                         else
                                 bitchsay("Press Ctrl-K to join %s",
invite_channel);
-                       logmsg(LOG_INVITE, from, 0, invite_channel);
+                       logmsg(LOG_INVITE, from, 0, "%s", invite_channel);
                 }
                 if (!(chan = lookup_channel(invite_channel, from_server, 0)))
                         if ((w_chan =
check_whowas_chan_buffer(invite_channel, 0)))
@@ -1097,7 +1097,7 @@
                         fudge_nickname(from_server);
                 if (get_int_var(AUTO_RECONNECT_VAR))
                         servercmd (NULL, sc, empty_string, NULL);
-               logmsg(LOG_KILL, from, 0, ArgList[1]?ArgList[1]:"(No Reason)");
+               logmsg(LOG_KILL, from, 0, "%s", ArgList[1]?ArgList[1]:"(No
Reason)");
         }
         update_all_status(current_window, NULL, 0);
  }

> --
> Zinx Verituse <zinx () linuxfreak com>
> gpg (id 921B1558) (fp 5746 73A1 2184 A27A 9EC0  EDCC E132 BCEF 921B 1558)


--
Christopher Schulte | christopher () schulte org
cell:612.986.4859   | home:651.225.4557 | fax: 651.315.3339
page:612.264.1115   | free:877.271.9245 | site: schulte.org

COMING SOON http://SchulteConsulting.COM/
reliable computer consulting at a fair price.