diff options
author | glewis <glewis@FreeBSD.org> | 2003-08-22 04:24:01 +0800 |
---|---|---|
committer | glewis <glewis@FreeBSD.org> | 2003-08-22 04:24:01 +0800 |
commit | cf613ff25b1bf7f7dde587cbc7347987dc2133d0 (patch) | |
tree | 17ef77d32689231ea723aa0caf60836c37a87b67 /games/bsdgames | |
parent | df8a70fb9ee936a06904aba5fb54fd6e6f16a620 (diff) | |
download | freebsd-ports-gnome-cf613ff25b1bf7f7dde587cbc7347987dc2133d0.tar.gz freebsd-ports-gnome-cf613ff25b1bf7f7dde587cbc7347987dc2133d0.tar.zst freebsd-ports-gnome-cf613ff25b1bf7f7dde587cbc7347987dc2133d0.zip |
. Fix a potential buffer overflow in restoring rogue save files.
PR: 43886
Obtained from: NetBSD
Pointed out by: blackend
Diffstat (limited to 'games/bsdgames')
-rw-r--r-- | games/bsdgames/files/patch-rogue::inventory.c | 23 | ||||
-rw-r--r-- | games/bsdgames/files/patch-rogue::message.c | 13 | ||||
-rw-r--r-- | games/bsdgames/files/patch-rogue::move.c | 12 | ||||
-rw-r--r-- | games/bsdgames/files/patch-rogue::object.c | 12 | ||||
-rw-r--r-- | games/bsdgames/files/patch-rogue::rogue.h | 29 | ||||
-rw-r--r-- | games/bsdgames/files/patch-rogue::save.c | 82 | ||||
-rw-r--r-- | games/bsdgames/files/patch-rogue::score.c | 12 | ||||
-rw-r--r-- | games/bsdgames/files/patch-rogue::use.c | 12 |
8 files changed, 195 insertions, 0 deletions
diff --git a/games/bsdgames/files/patch-rogue::inventory.c b/games/bsdgames/files/patch-rogue::inventory.c new file mode 100644 index 000000000000..c76aed803225 --- /dev/null +++ b/games/bsdgames/files/patch-rogue::inventory.c @@ -0,0 +1,23 @@ +$FreeBSD$ + +--- rogue/inventory.c 30 Nov 1999 03:49:23 -0000 1.4 ++++ rogue/inventory.c 21 Aug 2003 19:58:45 -0000 +@@ -415,14 +415,14 @@ + mix_colors() + { + short i, j, k; +- char *t; ++ char t[MAX_ID_TITLE_LEN]; + + for (i = 0; i <= 32; i++) { + j = get_rand(0, (POTIONS - 1)); + k = get_rand(0, (POTIONS - 1)); +- t = id_potions[j].title; +- id_potions[j].title = id_potions[k].title; +- id_potions[k].title = t; ++ memcpy(t, id_potions[j].title, MAX_ID_TITLE_LEN); ++ memcpy(id_potions[j].title, id_potions[k].title, MAX_ID_TITLE_LEN); ++ memcpy(id_potions[k].title, t, MAX_ID_TITLE_LEN); + } + } + diff --git a/games/bsdgames/files/patch-rogue::message.c b/games/bsdgames/files/patch-rogue::message.c new file mode 100644 index 000000000000..47e0c69a3fb4 --- /dev/null +++ b/games/bsdgames/files/patch-rogue::message.c @@ -0,0 +1,13 @@ +$FreeBSD$ + +--- rogue/message.c 20 Jul 2000 10:35:07 -0000 1.7.2.1 ++++ rogue/message.c 21 Aug 2003 19:58:51 -0000 +@@ -60,7 +60,7 @@ + char msgs[NMESSAGES][DCOLS] = {"", "", "", "", ""}; + short msg_col = 0, imsg = -1; + boolean msg_cleared = 1, rmsg = 0; +-char hunger_str[8] = ""; ++char hunger_str[HUNGER_STR_LEN] = ""; + const char *more = "-more-"; + + extern boolean cant_int, did_int, interrupted, save_is_interactive, flush; diff --git a/games/bsdgames/files/patch-rogue::move.c b/games/bsdgames/files/patch-rogue::move.c new file mode 100644 index 000000000000..d50505369237 --- /dev/null +++ b/games/bsdgames/files/patch-rogue::move.c @@ -0,0 +1,12 @@ +$FreeBSD$ + +--- rogue/move.c 30 Nov 1999 03:49:24 -0000 1.7 ++++ rogue/move.c 21 Aug 2003 20:02:38 -0000 +@@ -64,7 +64,6 @@ + extern short cur_level, max_level; + extern short bear_trap, haste_self, confused; + extern short e_rings, regeneration, auto_search; +-extern char hunger_str[]; + extern boolean being_held, interrupted, r_teleport, passgo; + + one_move_rogue(dirch, pickup) diff --git a/games/bsdgames/files/patch-rogue::object.c b/games/bsdgames/files/patch-rogue::object.c new file mode 100644 index 000000000000..f2e3a23eacde --- /dev/null +++ b/games/bsdgames/files/patch-rogue::object.c @@ -0,0 +1,12 @@ +$FreeBSD$ + +--- rogue/object.c 30 Nov 1999 03:49:25 -0000 1.5 ++++ rogue/object.c 21 Aug 2003 20:04:13 -0000 +@@ -159,7 +159,6 @@ + + extern short cur_level, max_level; + extern short party_room; +-extern char *error_file; + extern boolean is_wood[]; + + put_objects() diff --git a/games/bsdgames/files/patch-rogue::rogue.h b/games/bsdgames/files/patch-rogue::rogue.h new file mode 100644 index 000000000000..d3a2ed4b8792 --- /dev/null +++ b/games/bsdgames/files/patch-rogue::rogue.h @@ -0,0 +1,29 @@ +$FreeBSD$ + +--- rogue/rogue.h 17 Dec 2001 12:43:23 -0000 1.3.2.1 ++++ rogue/rogue.h 21 Aug 2003 20:04:36 -0000 +@@ -194,9 +194,12 @@ + + #define MAX_OPT_LEN 40 + ++#define HUNGER_STR_LEN 8 ++ ++#define MAX_ID_TITLE_LEN 64 + struct id { + short value; +- char *title; ++ char title[MAX_ID_TITLE_LEN]; + char *real; + unsigned short id_status; + }; +@@ -472,3 +475,10 @@ + short second; /* 0 - 59 */ + }; + ++/* ++ * external routine declarations. ++ */ ++#define HUNGER_STR_LEN 8 ++extern char hunger_str[HUNGER_STR_LEN]; ++extern char login_name[MAX_OPT_LEN]; ++extern const char *error_file; diff --git a/games/bsdgames/files/patch-rogue::save.c b/games/bsdgames/files/patch-rogue::save.c new file mode 100644 index 000000000000..70ebdc91d5cb --- /dev/null +++ b/games/bsdgames/files/patch-rogue::save.c @@ -0,0 +1,82 @@ +$FreeBSD$ + +--- rogue/save.c 30 Nov 1999 03:49:27 -0000 1.6 ++++ rogue/save.c 21 Aug 2003 20:03:37 -0000 +@@ -63,8 +63,6 @@ + + extern boolean detect_monster; + extern short cur_level, max_level; +-extern char hunger_str[]; +-extern char login_name[]; + extern short party_room; + extern short foods; + extern boolean is_wood[]; +@@ -102,15 +100,23 @@ + { + FILE *fp; + int file_id; +- char name_buffer[80]; ++ char *name_buffer; ++ size_t len; + char *hptr; + struct rogue_time rt_buf; + + if (sfile[0] == '~') { + if (hptr = md_getenv("HOME")) { +- (void) strcpy(name_buffer, hptr); +- (void) strcat(name_buffer, sfile+1); +- sfile = name_buffer; ++ len = strlen(hptr) + strlen(sfile); ++ name_buffer = md_malloc(len); ++ if (name_buffer == NULL) { ++ message("out of memory for save file name", 0); ++ sfile = error_file; ++ } else { ++ (void) strcpy(name_buffer, hptr); ++ (void) strcat(name_buffer, sfile+1); ++ sfile = name_buffer; ++ } + } + } + /* revoke */ +@@ -199,10 +205,10 @@ + r_read(fp, (char *) &detect_monster, sizeof(detect_monster)); + r_read(fp, (char *) &cur_level, sizeof(cur_level)); + r_read(fp, (char *) &max_level, sizeof(max_level)); +- read_string(hunger_str, fp); ++ read_string(hunger_str, fp, sizeof hunger_str); + +- (void) strcpy(tbuf, login_name); +- read_string(login_name, fp); ++ (void) strlcpy(tbuf, login_name, sizeof tbuf); ++ read_string(login_name, fp, sizeof login_name); + if (strcmp(tbuf, login_name)) { + clean_up("you're not the original player"); + } +@@ -345,7 +351,7 @@ + r_read(fp, (char *) &(id_table[i].value), sizeof(short)); + r_read(fp, (char *) &(id_table[i].id_status), + sizeof(unsigned short)); +- read_string(id_table[i].title, fp); ++ read_string(id_table[i].title, fp, MAX_ID_TITLE_LEN); + } + } + } +@@ -362,13 +368,16 @@ + r_write(fp, s, n); + } + +-read_string(s, fp) ++read_string(s, fp, len) + char *s; + FILE *fp; ++size_t len; + { + short n; + + r_read(fp, (char *) &n, sizeof(short)); ++ if (n > len) ++ clean_up("read_string: corrupt game file"); + r_read(fp, s, n); + xxxx(s, n); + } diff --git a/games/bsdgames/files/patch-rogue::score.c b/games/bsdgames/files/patch-rogue::score.c new file mode 100644 index 000000000000..e95b1fac2205 --- /dev/null +++ b/games/bsdgames/files/patch-rogue::score.c @@ -0,0 +1,12 @@ +$FreeBSD$ + +--- rogue/score.c 30 Nov 1999 03:49:27 -0000 1.4 ++++ rogue/score.c 21 Aug 2003 20:03:30 -0000 +@@ -58,7 +58,6 @@ + #include "rogue.h" + #include "pathnames.h" + +-extern char login_name[]; + extern char *m_names[]; + extern short max_level; + extern boolean score_only, no_skull, msg_cleared; diff --git a/games/bsdgames/files/patch-rogue::use.c b/games/bsdgames/files/patch-rogue::use.c new file mode 100644 index 000000000000..069815923a68 --- /dev/null +++ b/games/bsdgames/files/patch-rogue::use.c @@ -0,0 +1,12 @@ +$FreeBSD$ + +--- rogue/use.c 30 Nov 1999 03:49:29 -0000 1.4 ++++ rogue/use.c 21 Aug 2003 20:06:00 -0000 +@@ -68,7 +68,6 @@ + const char *strange_feeling = "you have a strange feeling for a moment, then it passes"; + + extern short bear_trap; +-extern char hunger_str[]; + extern short cur_room; + extern long level_points[]; + extern boolean being_held; |