From: Håvard Flaget Aasen <haavard_aasen@yahoo.no>
Date: Thu, 13 May 2021 21:39:51 +0200
Subject: Fix CVE-2021-29376

CVE-2021-29376 allows remote attackers to cause a denial of service
(segmentation fault and client crash, disconnecting the victim from an IRC
server) via a crafted CTCP UTC message.

Bug-Debian: https://bugs.debian.org/#986214
Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2021-29376
---
 source/ctcp.c | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/source/ctcp.c b/source/ctcp.c
index 1a714c6..c5ddde0 100644
--- a/source/ctcp.c
+++ b/source/ctcp.c
@@ -536,12 +536,23 @@ do_utc(CtcpEntry *ctcp, u_char *from, u_char *to, u_char *args)
 {
 	time_t	tm;
 	u_char	*date = NULL;
+	char	*curtime;
 
 	if (!args || !*args)
 		return NULL;
 	tm = my_atol(args);
-	malloc_strcpy(&date, UP(ctime(&tm)));
-	date[my_strlen(date)-1] = '\0';
+	curtime = ctime(&tm);
+	if (curtime)
+	{
+		u_char *s = my_index(curtime, '\n');
+		if (s)
+			*s = '\0';
+
+		malloc_strcpy(&date, UP(curtime));
+	}
+	else
+		/* if we can't find a time, just return the number */
+		malloc_strcpy(&date, args);
 	return date;
 }
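Review bot: The new `if (curtime)` guard in do_utc only helps where the platform's ctime() returns NULL for a time it cannot format. The C standard leaves asctime()/ctime() undefined once the computed year no longer fits in four digits, and `tm` still comes straight from the remote CTCP argument via `my_atol(args)` with no range check. Formatting through localtime() and strftime() into a bounded local buffer removes that dependency, since both report failure explicitly and strftime() never writes past the size it is given. The fallback branch copies the whole of `args`, not only the parsed number, so its comment would be more accurate as `/* time not representable: return the raw argument text */`. The format string below is meant to match ctime()'s layout in the C locale and should be checked against existing output before adopting it.

```c
	struct tm	*tmp;
	char	buf[64];

	/* … unchanged: args check and tm = my_atol(args) … */
	tmp = localtime(&tm);
	if (tmp && strftime(buf, sizeof buf, "%a %b %e %H:%M:%S %Y", tmp))
		malloc_strcpy(&date, UP(buf));
	else
		/* time not representable: return the raw argument text */
		malloc_strcpy(&date, args);
	return date;
```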
 
