From 6b62be52840277aabbac6e67392dd00853c26c9c Mon Sep 17 00:00:00 2001
From: Michiel Broek <mbse@mbse.eu>
Date: Fri, 14 Mar 2008 20:09:37 +0000
Subject: [PATCH] Fixed another buffer overflow in tic processing

---
 ChangeLog        | 5 +++++
 mbfido/orphans.c | 2 +-
 mbfido/ptic.c    | 3 +--
 mbfido/tic.c     | 8 ++++----
 4 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index defbea87..bb2895af 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,11 @@ $Id$
 
 v0.95.3		12-Mar-2008
 
+	mbfido:
+		Fixed another buffer overflow thanks someone who is using a
+		tic processor that doesn't follow specs and doesn't create
+		proper ticfiles.
+
 
 v0.95.2		17-Feb-2008 - 12-Mar-2008.
 
diff --git a/mbfido/orphans.c b/mbfido/orphans.c
index 6cfc7474..85799519 100644
--- a/mbfido/orphans.c
+++ b/mbfido/orphans.c
@@ -50,7 +50,7 @@ void tidy_orphans(orphans **qal)
 void fill_orphans(orphans **qal, char *TicName, char *Area, char *FileName, int Orphaned, int BadCRC)
 {
     orphans	*tmp;
-Syslog('-', "fill_orphans");
+    
     tmp = (orphans *)malloc(sizeof(orphans));
     tmp->next = *qal;
     snprintf(tmp->TicName, 13, TicName);
diff --git a/mbfido/ptic.c b/mbfido/ptic.c
index 7e93f037..618b6d5e 100644
--- a/mbfido/ptic.c
+++ b/mbfido/ptic.c
@@ -71,7 +71,7 @@ int ProcessTic(fa_list **sbl, orphans **opl)
     int		    First, Listed = FALSE, DownLinks = 0, MustRearc = FALSE;
     int		    UnPacked = FALSE, IsArchive = FALSE, rc, i, j, k, File_Id = FALSE;
     char	    *Temp, *unarc = NULL, *cmd = NULL;
-    char	    temp1[PATH_MAX], temp2[PATH_MAX], sbe[24], TDesc[256];
+    char	    temp1[PATH_MAX], temp2[PATH_MAX], sbe[24], TDesc[1024];
     unsigned int    crc, crc2, Kb;
     sysconnect	    Link;
     FILE	    *fp;
@@ -587,7 +587,6 @@ int ProcessTic(fa_list **sbl, orphans **opl)
 	    }
 	}
     }
-
     clean_tmpwork();
     chdir(TIC.Inbound);
 
diff --git a/mbfido/tic.c b/mbfido/tic.c
index 4cb04ba8..bf17a1b3 100644
--- a/mbfido/tic.c
+++ b/mbfido/tic.c
@@ -4,7 +4,7 @@
  * Purpose ...............: Process .tic files
  *
  *****************************************************************************
- * Copyright (C) 1997-2007
+ * Copyright (C) 1997-2008
  *   
  * Michiel Broek		FIDO:		2:280/2802
  * Beekmansbos 10
@@ -275,11 +275,11 @@ int LoadTic(char *inb, char *tfn, orphans **opl)
 
 	} else if (strncasecmp(Temp, "origin ", 7) == 0) {
 	    strncpy(TIC.TicIn.Origin, Temp+7, 80);
-	    strncpy(T_File.Origin, Temp+7, 80);
+	    strncpy(T_File.Origin, Temp+7, 23);
 
 	} else if (strncasecmp(Temp, "from ", 5) == 0) {
 	    strncpy(TIC.TicIn.From, Temp+5, 80);
-	    strncpy(T_File.From, Temp+5, 80);
+	    strncpy(T_File.From, Temp+5, 23);
 
 	} else if (strncasecmp(Temp, "file ", 5) == 0) {
 	    strncpy(TIC.TicIn.File, Temp+5, 80);
@@ -299,7 +299,7 @@ int LoadTic(char *inb, char *tfn, orphans **opl)
 	} else if (strncasecmp(Temp, "crc ", 4) == 0) {
 	    TIC.Crc_Int = strtoul(Temp+4, (char **)NULL, 16);
 	    snprintf(TIC.TicIn.Crc, 9, "%08X", TIC.Crc_Int);
-	    strcpy(T_File.Crc, TIC.TicIn.Crc);
+	    strncpy(T_File.Crc, TIC.TicIn.Crc, 8);
 
 	} else if (strncasecmp(Temp, "pw ", 3) == 0) {
 	    strncpy(TIC.TicIn.Pw, Temp+3, 20);