summaryrefslogtreecommitdiff
path: root/games
diff options
context:
space:
mode:
authorwiz <wiz>1999-12-23 01:44:03 +0000
committerwiz <wiz>1999-12-23 01:44:03 +0000
commit3e961fc4066aed3b6b2aeb008bdf2400a488a9bf (patch)
tree9d39f610fb0fe81fe54d9a441ee8b7093bd8f2e1 /games
parent0d7806445cdc6e77d5a0c0ca2dc95743f77a5910 (diff)
downloadpkgsrc-3e961fc4066aed3b6b2aeb008bdf2400a488a9bf.tar.gz
security fix (buffer overflow attack was possible, gaining group games)
see posting by Brock Tellier on Bugtraq 1999-12-15 as discussed on packages@netbsd.org, with comment by Hubert Feyrer incorporated
Diffstat (limited to 'games')
-rw-r--r--games/xsoldier/files/patch-sum5
-rw-r--r--games/xsoldier/patches/patch-ab59
-rw-r--r--games/xsoldier/patches/patch-ac12
-rw-r--r--games/xsoldier/patches/patch-ad12
4 files changed, 87 insertions, 1 deletions
diff --git a/games/xsoldier/files/patch-sum b/games/xsoldier/files/patch-sum
index 5190fb49448..7a93f3a6b36 100644
--- a/games/xsoldier/files/patch-sum
+++ b/games/xsoldier/files/patch-sum
@@ -1,3 +1,6 @@
-$NetBSD: patch-sum,v 1.1 1999/07/09 13:51:04 agc Exp $
+$NetBSD: patch-sum,v 1.2 1999/12/23 01:44:03 wiz Exp $
MD5 (patch-aa) = e75fdc4bff99d42584c849fddedcd4cd
+MD5 (patch-ab) = f8953cb70b7fd8781d6867e5b957ea73
+MD5 (patch-ac) = 22ee898aecc2079f706e288f2bde6d49
+MD5 (patch-ad) = 653ec785603b0be603214a7be0e07b41
diff --git a/games/xsoldier/patches/patch-ab b/games/xsoldier/patches/patch-ab
new file mode 100644
index 00000000000..2524b32be03
--- /dev/null
+++ b/games/xsoldier/patches/patch-ab
@@ -0,0 +1,59 @@
+$NetBSD: patch-ab,v 1.1 1999/12/23 01:44:03 wiz Exp $
+--- main.c.orig Fri Feb 28 16:50:07 1997
++++ main.c Wed Dec 22 02:32:19 1999
+@@ -49,8 +49,8 @@ static void clean(void);
+ static void sig_handle(void);
+
+ /*** ふぁいるぐろーばる ***/
+-static char command[32];
+-static char display[32] = {'\0'};
++static char *command;
++static char *display = NULL;
+ static int scoreOK = True;
+ static int putscore = False;
+ static int colormap = True;
+@@ -65,7 +65,7 @@ int main(int argc, char *argv[])
+ {
+ int i;
+ printf(" --- top 10 soldiers ---\n");
+- printf("Name Stage Score\n",command);
++ printf("Name Stage Score\n");
+ for (i=1; i<=10; i++)
+ printf("%-20s %02d-%02d %08d\n",
+ player->Rec[i].name,
+@@ -122,21 +122,19 @@ int main(int argc, char *argv[])
+
+ static void arginit(int argc, char *argv[])
+ {
+- char *argv0;
+ int i;
+
+- if ((argv0=strrchr(argv[0],'/')) != NULL)
+- argv0++;
++ if ((command=strrchr(argv[0],'/')) != NULL)
++ command++;
+ else
+- argv0 = argv[0];
+- strcpy(command,argv0); /*** コマンド名取得とコピー ***/
++ command = argv[0];
+
+ for (i=1; i<argc; i++)
+ {
+ if ((strcmp(argv[i],"-display")==0) || (strcmp(argv[i],"-d")==0))
+ {
+ if (i < argc-1)
+- strcpy(display,argv[i+1]);
++ display = argv[i+1];
+ }
+ else if ((strcmp(argv[i],"-wait")==0) || (strcmp(argv[i],"-w")==0))
+ {
+@@ -207,7 +205,8 @@ static void init(void)
+ dpy = XOpenDisplay(display);
+ if (dpy == NULL)
+ {
+- fprintf(stderr,"init: [%s] can't open display.\n",display);
++ fprintf(stderr,"init: [%s] can't open display.\n",
++ display?display:getenv("DISPLAY")?getenv("DISPLAY"):":0");
+ exit(1);
+ }
+
diff --git a/games/xsoldier/patches/patch-ac b/games/xsoldier/patches/patch-ac
new file mode 100644
index 00000000000..d8079b51bd1
--- /dev/null
+++ b/games/xsoldier/patches/patch-ac
@@ -0,0 +1,12 @@
+$NetBSD: patch-ac,v 1.1 1999/12/23 01:44:03 wiz Exp $
+--- score.c.orig Mon Feb 24 16:25:44 1997
++++ score.c Wed Dec 22 02:32:19 1999
+@@ -53,7 +53,7 @@ int ReadHiscore(PlayerData *p)
+ p->Rec[i].score = score;
+ p->Rec[i].loop = loop;
+ p->Rec[i].stage = stage;
+- strcpy(p->Rec[i].name,name);
++ strncpy(p->Rec[i].name,name,sizeof(p->Rec[i].name));
+ }
+ fclose(fp);
+ }
diff --git a/games/xsoldier/patches/patch-ad b/games/xsoldier/patches/patch-ad
new file mode 100644
index 00000000000..3eaa9307f8c
--- /dev/null
+++ b/games/xsoldier/patches/patch-ad
@@ -0,0 +1,12 @@
+$NetBSD: patch-ad,v 1.1 1999/12/23 01:44:03 wiz Exp $
+--- manage.c.orig Mon Feb 24 17:20:07 1997
++++ manage.c Wed Dec 22 02:32:19 1999
+@@ -306,7 +306,7 @@ PlayerData *NewPlayerData(void)
+ if ((pw=getpwuid(getuid())) == NULL)
+ sprintf(name,"%d",getuid());
+ else
+- strcpy(name,pw->pw_name);
++ strncpy(name,pw->pw_name,sizeof(name));
+
+ New = (PlayerData *)malloc(sizeof(PlayerData));
+