diff options
author | snj <snj@pkgsrc.org> | 2004-02-28 18:36:38 +0000 |
---|---|---|
committer | snj <snj@pkgsrc.org> | 2004-02-28 18:36:38 +0000 |
commit | 9c0c5d763bb0dc42f7ffab7077e1c5196ac02419 (patch) | |
tree | 3b43a6af28211abf5b0ac2809d533a734aa72964 /games | |
parent | dfb93441757471e4d3654720cb2e8812bf0d616c (diff) | |
download | pkgsrc-9c0c5d763bb0dc42f7ffab7077e1c5196ac02419.tar.gz |
strcpy and sprintf are evil, don't use them. Inspired by similar changes
in Debian. This fixes several locally exploitable vulnerabilities.
Diffstat (limited to 'games')
-rw-r--r-- | games/xboing/Makefile | 4 | ||||
-rw-r--r-- | games/xboing/distinfo | 9 | ||||
-rw-r--r-- | games/xboing/patches/patch-ad | 48 | ||||
-rw-r--r-- | games/xboing/patches/patch-ae | 13 | ||||
-rw-r--r-- | games/xboing/patches/patch-af | 31 | ||||
-rw-r--r-- | games/xboing/patches/patch-ag | 49 | ||||
-rw-r--r-- | games/xboing/patches/patch-ah | 13 | ||||
-rw-r--r-- | games/xboing/patches/patch-ai | 13 |
8 files changed, 173 insertions, 7 deletions
diff --git a/games/xboing/Makefile b/games/xboing/Makefile index b922c1e6885..73132c92500 100644 --- a/games/xboing/Makefile +++ b/games/xboing/Makefile @@ -1,9 +1,9 @@ -# $NetBSD: Makefile,v 1.12 2004/01/20 12:15:41 agc Exp $ +# $NetBSD: Makefile,v 1.13 2004/02/28 18:36:38 snj Exp $ # DISTNAME= xboing2.4 PKGNAME= xboing-2.4 -PKGREVISION= 1 +PKGREVISION= 2 CATEGORIES= games x11 MASTER_SITES= ${MASTER_SITE_XCONTRIB:=games/} diff --git a/games/xboing/distinfo b/games/xboing/distinfo index b6d568f9ad7..37d3b6748f2 100644 --- a/games/xboing/distinfo +++ b/games/xboing/distinfo @@ -1,8 +1,13 @@ -$NetBSD: distinfo,v 1.5 2002/09/23 10:21:19 jlam Exp $ +$NetBSD: distinfo,v 1.6 2004/02/28 18:36:38 snj Exp $ SHA1 (xboing2.4.tar.gz) = 57fad37ab99e6a3ff87ff814d0de1baad3b93b91 Size (xboing2.4.tar.gz) = 588811 bytes SHA1 (patch-aa) = 7236098cd0f15f38e6d20947ecb5efe8c8e6c1b0 SHA1 (patch-ab) = 94b232e173ad7bb39e37d4287669bd0842ef5610 SHA1 (patch-ac) = c8b7d1b323be04c2456768eabf24da43707c4b98 -SHA1 (patch-ad) = 1bb064fda1baebd314e0d65703e7775e9072f43b +SHA1 (patch-ad) = 444331ce4cbca8e291331bc3d5e698e9f01d8f6e +SHA1 (patch-ae) = 99ce1073635a0d9c34e8d53882a5c9d0c9e89a92 +SHA1 (patch-af) = 3abd5e5eabbaac9eeb6496529038f67aac176b76 +SHA1 (patch-ag) = 0488a63bdac3074c0305b05456468c266232f81c +SHA1 (patch-ah) = ba161ff2b28359e9406b7f104fd58bad4c234a6f +SHA1 (patch-ai) = 1a87732ac9cf06fa107060bd07488a22108da193 diff --git a/games/xboing/patches/patch-ad b/games/xboing/patches/patch-ad index c100e0392a6..6946f5aaf02 100644 --- a/games/xboing/patches/patch-ad +++ b/games/xboing/patches/patch-ad @@ -1,7 +1,7 @@ -$NetBSD: patch-ad,v 1.1 2002/07/15 09:01:43 wiz Exp $ +$NetBSD: patch-ad,v 1.2 2004/02/28 18:36:38 snj Exp $ ---- highscore.c.orig Fri Nov 22 02:28:46 1996 -+++ highscore.c +--- highscore.c.orig 1996-11-21 17:28:46.000000000 -0800 ++++ highscore.c 2004-02-28 10:27:07.000000000 -0800 @@ -54,6 +54,9 @@ #include <unistd.h> #include <time.h> @@ -12,3 +12,45 @@ $NetBSD: patch-ad,v 1.1 2002/07/15 09:01:43 wiz Exp $ #include <sys/param.h> #include <X11/Xlib.h> #include <X11/Xutil.h> +@@ -1022,9 +1025,10 @@ int ReadHighScoreTable(type) + if (type == GLOBAL) + { + /* Use the environment variable if it exists */ +- if ((str = getenv("XBOING_SCORE_FILE")) != NULL) +- strcpy(filename, str); +- else ++ if ((str = getenv("XBOING_SCORE_FILE")) != NULL) { ++ strncpy(filename, str, sizeof(filename)-1); ++ filename[sizeof(filename)-1] = '\0'; ++ } else + strcpy(filename, HIGH_SCORE_FILE); + } + else +@@ -1094,9 +1098,10 @@ int WriteHighScoreTable(type) + if (type == GLOBAL) + { + /* Use the environment variable if it exists */ +- if ((str = getenv("XBOING_SCORE_FILE")) != NULL) +- strcpy(filename, str); +- else ++ if ((str = getenv("XBOING_SCORE_FILE")) != NULL) { ++ strncpy(filename, str, sizeof(filename)-1); ++ filename[sizeof(filename)-1] = '\0'; ++ } else + strcpy(filename, HIGH_SCORE_FILE); + } + else +@@ -1217,9 +1222,10 @@ static int LockUnlock(cmd) + + + /* Use the environment variable if it exists */ +- if ((str = getenv("XBOING_SCORE_FILE")) != NULL) +- strcpy(filename, str); +- else ++ if ((str = getenv("XBOING_SCORE_FILE")) != NULL) { ++ strncpy(filename, str, sizeof(filename)-1); ++ filename[sizeof(filename)-1] = '\0'; ++ } else + strcpy(filename, HIGH_SCORE_FILE); + + /* Open the highscore file for both read & write */ diff --git a/games/xboing/patches/patch-ae b/games/xboing/patches/patch-ae new file mode 100644 index 00000000000..a27c88dd801 --- /dev/null +++ b/games/xboing/patches/patch-ae @@ -0,0 +1,13 @@ +$NetBSD: patch-ae,v 1.1 2004/02/28 18:36:38 snj Exp $ + +--- demo.c.orig 2004-02-28 10:06:20.000000000 -0800 ++++ demo.c 2004-02-28 10:06:41.000000000 -0800 +@@ -154,7 +154,7 @@ static void DoBlocks(display, window) + + /* Construct the demo level filename */ + if ((str = getenv("XBOING_LEVELS_DIR")) != NULL) +- sprintf(levelPath, "%s/demo.data", str); ++ snprintf(levelPath, sizeof(levelPath), "%s/demo.data", str); + else + sprintf(levelPath, "%s/demo.data", LEVEL_INSTALL_DIR); + diff --git a/games/xboing/patches/patch-af b/games/xboing/patches/patch-af new file mode 100644 index 00000000000..584d7bc34f2 --- /dev/null +++ b/games/xboing/patches/patch-af @@ -0,0 +1,31 @@ +$NetBSD: patch-af,v 1.1 2004/02/28 18:36:38 snj Exp $ + +--- editor.c.orig 2004-02-28 10:06:52.000000000 -0800 ++++ editor.c 2004-02-28 10:10:24.000000000 -0800 +@@ -213,7 +213,7 @@ static void DoLoadLevel(display, window) + + /* Construct the Edit level filename */ + if ((str = getenv("XBOING_LEVELS_DIR")) != NULL) +- sprintf(levelPath, "%s/editor.data", str); ++ snprintf(levelPath, sizeof(levelPath), "%s/editor.data", str); + else + sprintf(levelPath, "%s/editor.data", LEVEL_INSTALL_DIR); + +@@ -959,7 +959,7 @@ static void LoadALevel(display) + { + /* Construct the Edit level filename */ + if ((str2 = getenv("XBOING_LEVELS_DIR")) != NULL) +- sprintf(levelPath, "%s/level%02ld.data", str2, (u_long) num); ++ snprintf(levelPath, sizeof(levelPath), "%s/level%02ld.data", str2, (u_long) num); + else + sprintf(levelPath, "%s/level%02ld.data", + LEVEL_INSTALL_DIR, (u_long) num); +@@ -1019,7 +1019,7 @@ static void SaveALevel(display) + { + /* Construct the Edit level filename */ + if ((str2 = getenv("XBOING_LEVELS_DIR")) != NULL) +- sprintf(levelPath, "%s/level%02ld.data", str2, (u_long) num); ++ snprintf(levelPath, sizeof(levelPath), "%s/level%02ld.data", str2, (u_long) num); + else + sprintf(levelPath, "%s/level%02ld.data", + LEVEL_INSTALL_DIR, (u_long) num); diff --git a/games/xboing/patches/patch-ag b/games/xboing/patches/patch-ag new file mode 100644 index 00000000000..5e20701aacf --- /dev/null +++ b/games/xboing/patches/patch-ag @@ -0,0 +1,49 @@ +$NetBSD: patch-ag,v 1.1 2004/02/28 18:36:38 snj Exp $ + +--- file.c.orig 2004-02-28 10:10:55.000000000 -0800 ++++ file.c 2004-02-28 10:12:50.000000000 -0800 +@@ -139,7 +139,7 @@ void SetupStage(display, window) + + /* Construct the level filename */ + if ((str = getenv("XBOING_LEVELS_DIR")) != NULL) +- sprintf(levelPath, "%s/level%02ld.data", str, newLevel); ++ snprintf(levelPath, sizeof(levelPath), "%s/level%02ld.data", str, newLevel); + else + sprintf(levelPath, "%s/level%02ld.data", LEVEL_INSTALL_DIR, newLevel); + +@@ -177,7 +177,7 @@ int LoadSavedGame(display, window) + static int bgrnd = 1; + + /* Save the file in home directory - construct path */ +- sprintf(levelPath, "%s/.xboing-saveinfo", GetHomeDir()); ++ snprintf(levelPath, sizeof(levelPath), "%s/.xboing-saveinfo", GetHomeDir()); + + /* Open the save file info for reading */ + if ((saveFile = fopen(levelPath, "r+")) == NULL) +@@ -239,7 +239,7 @@ int LoadSavedGame(display, window) + DisplayLevelInfo(display, levelWindow, level); + + /* Load the saved file in home directory - construct path */ +- sprintf(levelPath, "%s/.xboing-savelevel", GetHomeDir()); ++ snprintf(levelPath, sizeof(levelPath), "%s/.xboing-savelevel", GetHomeDir()); + + /* Read in the saved level data */ + if (ReadNextLevel(display, window, levelPath, True) == False) +@@ -283,7 +283,7 @@ int SaveCurrentGame(display, window) + saveGame.numBullets = GetNumberBullets(); + + /* Save the file in home directory - construct path */ +- sprintf(levelPath, "%s/.xboing-saveinfo", GetHomeDir()); ++ snprintf(levelPath, sizeof(levelPath), "%s/.xboing-saveinfo", GetHomeDir()); + + /* Open the save file info for writing */ + if ((saveFile = fopen(levelPath, "w+")) == NULL) +@@ -309,7 +309,7 @@ int SaveCurrentGame(display, window) + WarningMessage("Cannot close save game info file."); + + /* Save the file in home directory - construct path */ +- sprintf(levelPath, "%s/.xboing-savelevel", GetHomeDir()); ++ snprintf(levelPath, sizeof(levelPath), "%s/.xboing-savelevel", GetHomeDir()); + + if (SaveLevelDataFile(display, levelPath) == True) + { diff --git a/games/xboing/patches/patch-ah b/games/xboing/patches/patch-ah new file mode 100644 index 00000000000..78164436b9e --- /dev/null +++ b/games/xboing/patches/patch-ah @@ -0,0 +1,13 @@ +$NetBSD: patch-ah,v 1.1 2004/02/28 18:36:38 snj Exp $ + +--- init.c.orig 2004-02-28 10:13:29.000000000 -0800 ++++ init.c 2004-02-28 10:14:17.000000000 -0800 +@@ -438,7 +438,7 @@ static void HandleDisplayErrors(displayN + WarningMessage("Your X Window system display variable is not set."); + else + { +- sprintf(string, "Cannot connect to display called <%s>.", displayName); ++ snprintf(string, sizeof(string), "Cannot connect to display called <%s>.", displayName); + WarningMessage(string); + } + } diff --git a/games/xboing/patches/patch-ai b/games/xboing/patches/patch-ai new file mode 100644 index 00000000000..4484fef7a09 --- /dev/null +++ b/games/xboing/patches/patch-ai @@ -0,0 +1,13 @@ +$NetBSD: patch-ai,v 1.1 2004/02/28 18:36:38 snj Exp $ + +--- preview.c.orig 2004-02-28 10:19:15.000000000 -0800 ++++ preview.c 2004-02-28 10:19:31.000000000 -0800 +@@ -139,7 +139,7 @@ static void DoLoadLevel(display, window) + + /* Construct the Preview level filename */ + if ((str = getenv("XBOING_LEVELS_DIR")) != NULL) +- sprintf(levelPath, "%s/level%02d.data", str, lnum); ++ snprintf(levelPath, sizeof(levelPath), "%s/level%02d.data", str, lnum); + else + sprintf(levelPath, "%s/level%02d.data", LEVEL_INSTALL_DIR, lnum); + |