From: Pekka Riikonen <priikone@silcnet.org>
Date: Fri, 20 Apr 2001 15:14:58 +0000 (+0000)
Subject: 	updates.
X-Git-Tag: 1.2.beta1~2330
X-Git-Url: http://git.silcnet.org/gitweb/?a=commitdiff_plain;h=ca8a0c1b3e943137443f371c76ecdb563399d0bd;p=crypto.git

	updates.
---

diff --git a/CHANGES b/CHANGES
index b22ea668..9e449d75 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,11 @@
+Fri Apr 20 18:58:43 EEST 2001  Pekka Riikonen <priikone@poseidon.pspt.fi>
+
+	* Fixed buffer overflow in silc_string_compare in the file
+	  lib/silcutil/silcutil.c.
+
+	* Fixed double free in silc_server_command_leave in the file
+	  silcd/command.c.
+
 Fri Apr 20 14:00:11 EEST 2001  Pekka Riikonen <priikone@poseidon.pspt.fi>
 
 	* Fixed the version checking in the server.  Affected file is
diff --git a/apps/silcd/command.c b/apps/silcd/command.c
index f2d0f42c..96c64430 100644
--- a/apps/silcd/command.c
+++ b/apps/silcd/command.c
@@ -4661,8 +4661,6 @@ SILC_SERVER_CMD_FUNC(leave)
 				 FALSE : !server->standalone);
   }
 
-  silc_free(id);
-
  out:
   if (id)
     silc_free(id);
diff --git a/apps/silcd/server.c b/apps/silcd/server.c
index 4892cd06..7982f239 100644
--- a/apps/silcd/server.c
+++ b/apps/silcd/server.c
@@ -1521,7 +1521,7 @@ SILC_TASK_CALLBACK(silc_server_packet_parse_real)
     if (client && client->id) {
       void *id = silc_id_str2id(packet->src_id, packet->src_id_len,
 				packet->src_id_type);
-      if (SILC_ID_CLIENT_COMPARE(client->id, id)) {
+      if (!id || SILC_ID_CLIENT_COMPARE(client->id, id)) {
 	silc_free(id);
 	goto out;
       }
diff --git a/lib/silcutil/silcutil.c b/lib/silcutil/silcutil.c
index 2f0f69e0..36668b35 100644
--- a/lib/silcutil/silcutil.c
+++ b/lib/silcutil/silcutil.c
@@ -555,7 +555,7 @@ int silc_string_compare(char *string1, char *string2)
   tmpstr2 = silc_calloc(slen2 + 1, sizeof(char));
   memcpy(tmpstr2, string2, slen2);
   
-  for (i = 0; i < slen2; i++) {
+  for (i = 0; i < slen1; i++) {
     
     /* * wildcard. Only one * wildcard is possible. */
     if (tmpstr1[i] == '*')
@@ -576,11 +576,6 @@ int silc_string_compare(char *string1, char *string2)
 	if (!(slen1 < slen2))
 	  tmpstr2[i] = '?';
       }
-#if 0
-    } else {
-      if (strncmp(tmpstr1, tmpstr2, i))
-	strncpy(tmpstr2, string2, slen2);
-#endif
     }
   }