From 44062a988f108444c339ad5bafa28e3e469d7673 Mon Sep 17 00:00:00 2001
From: wiz
Date: Thu, 23 Dec 1999 01:44:03 +0000
Subject: security fix (buffer overflow attack was possible, gaining group games) see posting by Brock Tellier on Bugtraq 1999-12-15 as discussed on packages@netbsd.org, with comment by Hubert Feyrer incorporated
---
 games/xsoldier/files/patch-sum | 5 +++-
 games/xsoldier/patches/patch-ab | 59 +++++++++++++++++++++++++++++++++++++++++
 games/xsoldier/patches/patch-ac | 12 +++++++++
 games/xsoldier/patches/patch-ad | 12 +++++++++
 4 files changed, 87 insertions(+), 1 deletion(-)
 create mode 100644 games/xsoldier/patches/patch-ab
 create mode 100644 games/xsoldier/patches/patch-ac
 create mode 100644 games/xsoldier/patches/patch-ad
(limited to 'games/xsoldier')
diff --git a/games/xsoldier/files/patch-sum b/games/xsoldier/files/patch-sum
index 5190fb49448..7a93f3a6b36 100644
--- a/games/xsoldier/files/patch-sum
+++ b/games/xsoldier/files/patch-sum
@@ -1,3 +1,6 @@
-$NetBSD: patch-sum,v 1.1 1999/07/09 13:51:04 agc Exp $
+$NetBSD: patch-sum,v 1.2 1999/12/23 01:44:03 wiz Exp $
 MD5 (patch-aa) = e75fdc4bff99d42584c849fddedcd4cd
+MD5 (patch-ab) = f8953cb70b7fd8781d6867e5b957ea73
+MD5 (patch-ac) = 22ee898aecc2079f706e288f2bde6d49
+MD5 (patch-ad) = 653ec785603b0be603214a7be0e07b41
diff --git a/games/xsoldier/patches/patch-ab b/games/xsoldier/patches/patch-ab
new file mode 100644
index 00000000000..2524b32be03
--- /dev/null
+++ b/games/xsoldier/patches/patch-ab
@@ -0,0 +1,59 @@
+$NetBSD: patch-ab,v 1.1 1999/12/23 01:44:03 wiz Exp $
+--- main.c.orig Fri Feb 28 16:50:07 1997
++++ main.c Wed Dec 22 02:32:19 1999
+@@ -49,8 +49,8 @@ static void clean(void);
+ static void sig_handle(void);
+ 
+ /*** ふぁいるぐろーばる ***/
+-static char command[32];
+-static char display[32] = {'\0'};
++static char *command;
++static char *display = NULL;
+ static int scoreOK = True;
+ static int putscore = False;
+ static int colormap = True;
+@@ -65,7 +65,7 @@ int main(int argc, char *argv[])
+ {
+ int i;
+ printf(" --- top 10 soldiers ---\n");
+- printf("Name Stage Score\n",command);
++ printf("Name Stage Score\n");
+ for (i=1; i<=10; i++)
+ printf("%-20s %02d-%02d %08d\n",
+ player->Rec[i].name,
+@@ -122,21 +122,19 @@ int main(int argc, char *argv[])
+ 
+ static void arginit(int argc, char *argv[])
+ {
+- char *argv0;
+ int i;
+ 
+- if ((argv0=strrchr(argv[0],'/')) != NULL)
+- argv0++;
++ if ((command=strrchr(argv[0],'/')) != NULL)
++ command++;
+ else
+- argv0 = argv[0];
+- strcpy(command,argv0); /*** コマンド名取得とコピー ***/
++ command = argv[0];
+ 
+ for (i=1; iRec[i].score = score;
+ p->Rec[i].loop = loop;
+ p->Rec[i].stage = stage;
+- strcpy(p->Rec[i].name,name);
++ strncpy(p->Rec[i].name,name,sizeof(p->Rec[i].name));
+ }
+ fclose(fp);
+ }
diff --git a/games/xsoldier/patches/patch-ad b/games/xsoldier/patches/patch-ad
new file mode 100644
index 00000000000..3eaa9307f8c
--- /dev/null
+++ b/games/xsoldier/patches/patch-ad
@@ -0,0 +1,12 @@
+$NetBSD: patch-ad,v 1.1 1999/12/23 01:44:03 wiz Exp $
+--- manage.c.orig Mon Feb 24 17:20:07 1997
++++ manage.c Wed Dec 22 02:32:19 1999
+@@ -306,7 +306,7 @@ PlayerData *NewPlayerData(void)
+ if ((pw=getpwuid(getuid())) == NULL)
+ sprintf(name,"%d",getuid());
+ else
+- strcpy(name,pw->pw_name);
++ strncpy(name,pw->pw_name,sizeof(name));
+ 
+ New = (PlayerData *)malloc(sizeof(PlayerData));
+ 
-- 
cgit v1.2.3
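Review bot: The two `strncpy` replacements bound the write but do not guarantee a terminated string. They are `strncpy(p->Rec[i].name,name,sizeof(p->Rec[i].name))`, in the score-record fragment just before the patch-ad section, and `strncpy(name,pw->pw_name,sizeof(name))` in `NewPlayerData`. When the source is at least as long as the destination, `strncpy` writes no NUL, so a later `%s` print of the record name (as in the `printf("%-20s ...", player->Rec[i].name` context lines of main.c) or any further string copy can read past the array. Copy one byte less and terminate explicitly, e.g. `strncpy(name,pw->pw_name,sizeof(name)-1); name[sizeof(name)-1] = '\0';`, and likewise for `p->Rec[i].name`. Both buffers are declared outside the visible hunks, so this assumes they are arrays rather than pointers (otherwise `sizeof` yields the pointer size); both functions also continue beyond the hunks shown.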