From: Pekka Riikonen
Date: Mon, 2 Jul 2007 13:34:01 +0000 (+0000)
Subject: Fixed NICK_CHANGE buffer overflow
X-Git-Tag: silc.client.1.1.2~1
X-Git-Url: http://git.silcnet.org/gitweb/?p=silc.git;a=commitdiff_plain;h=665ee4a1f1571804376f9be28363ad5d9e91ff7f
Fixed NICK_CHANGE buffer overflow
---
diff --git a/CHANGES b/CHANGES
index c5f1ab51..c9aa3464 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,12 @@
+Mon Jul 2 17:28:47 CEST 2007 Pekka Riikonen
+
+ * In silc_client_free check that scheduler is allocated before
+ trying to free it. Affected file is lib/silcclient/client.c.
+
+ * Fixed buffer overflow in NICK_CHANGE notify. The destination
+ buffer for old nickname was too small. Affected file is
+ lib/silclient/client_notify.c.
+
 Sun Jul 1 19:15:15 EEST 2007 Pekka Riikonen
 * SILC Server 1.1 Beta1.
diff --git a/lib/silcclient/client_entry.c b/lib/silcclient/client_entry.c
index 0c812de0..488acfd3 100644
--- a/lib/silcclient/client_entry.c
+++ b/lib/silcclient/client_entry.c
@@ -1281,6 +1281,7 @@ SilcClientEntry silc_client_nickname_format(SilcClient client,
 }
 newnick[off] = 0;
+ memset(client_entry->nickname, 0, sizeof(client_entry->nickname));
 memcpy(client_entry->nickname, newnick, strlen(newnick));
 silc_client_list_free(client, conn, clients);
diff --git a/lib/silcclient/client_notify.c b/lib/silcclient/client_notify.c
index 005299c6..5d431954 100644
--- a/lib/silcclient/client_notify.c
+++ b/lib/silcclient/client_notify.c
@@ -690,7 +690,7 @@ SILC_FSM_STATE(silc_client_notify_nick_change)
 SilcNotifyType type = silc_notify_get_type(payload);
 SilcArgumentPayload args = silc_notify_get_args(payload);
 SilcClientEntry client_entry = NULL;
- unsigned char *tmp, oldnick[128 + 1];
+ unsigned char *tmp, oldnick[256 + 1];
 SilcUInt32 tmp_len;
 SilcID id, id2;
 SilcBool valid;
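Review bot: In the lib/silcclient/client_entry.c hunk, the `memcpy` after the added `memset` still copies `strlen(newnick)` bytes without comparing that length to `sizeof(client_entry->nickname)`. The memset leaves a terminator in place only when the copy is shorter than the field; the declared size of newnick is outside the hunk, so whether it can exceed the field cannot be confirmed from here. Bounding the copy would make the invariant local: `size_t n = strlen(newnick);` `if (n >= sizeof(client_entry->nickname)) n = sizeof(client_entry->nickname) - 1;` `memcpy(client_entry->nickname, newnick, n);`. silc_client_nickname_format starts and ends outside the hunk.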
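Review bot: In the lib/silcclient/client_notify.c hunk, `oldnick[256 + 1]` fixes the overflow by raising a literal, so the buffer size and the size of the data copied into it are still kept in step by hand. The copy into oldnick is outside the hunk; if it is sized by the source nickname field rather than by the destination, a later change to that field would bring the overflow back. Tying the declaration to the field, `unsigned char *tmp, oldnick[sizeof(client_entry->nickname)];`, or bounding the copy with `sizeof(oldnick)`, would remove that dependency. If the literal stays, a one-line comment naming the field length that 256 mirrors would help the next maintainer. The state function's body continues outside the hunk.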