Projects
Games
crafty
crafty-23.4-security-203541.patch
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File crafty-23.4-security-203541.patch of Package crafty
--- main.c.orig 2010-11-08 19:07:43.000000000 +0100 +++ main.c 2010-11-12 23:28:33.000000000 +0100 @@ -3954,7 +3954,10 @@ if (argc > 1) { for (i = 1; i < argc; i++) { if (strstr(argv[i], "path") || strstr(argv[i], "log")) { - strcpy(buffer, argv[i]); + //This is a security flaw (see http://bugs.debian.org/203541 + //strcpy(buffer, argv[i]); + memset(buffer,'\0',sizeof(buffer)); + strncpy(buffer,argv[i],sizeof(buffer)-1); result = Option(tree); if (result == 0) printf("ERROR \"%s\" is unknown command-line option\n", buffer); @@ -4033,7 +4036,10 @@ for (i = 1; i < argc; i++) if (strcmp(argv[i], "c")) if (!strstr(argv[i], "path")) { - strcpy(buffer, argv[i]); + //This is a security flaw (see http://bugs.debian.org/203541 + //strcpy(buffer, argv[i]); + memset(buffer,'\0',sizeof(buffer)); + strncpy(buffer,argv[i],sizeof(buffer)-1); result = Option(tree); if (result == 0) printf("ERROR \"%s\" is unknown command-line option\n", buffer); @@ -4062,11 +4068,16 @@ */ #if defined(UNIX) input_stream = fopen(".craftyrc", "r"); - if (!input_stream) + if (!input_stream) { if ((pwd = getpwuid(getuid()))) { sprintf(path, "%s/.craftyrc", pwd->pw_dir); input_stream = fopen(path, "r"); } + if (!input_stream) { + sprintf (path, "%s/crafty.rc", rc_path); + input_stream = fopen (path, "r"); + } + } if (input_stream) #else sprintf(crafty_rc_file_spec, "%s/crafty.rc", rc_path);
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.