authorPeter Pentchev <roam@FreeBSD.org>2003-02-11 13:55:38 +0000
committerPeter Pentchev <roam@FreeBSD.org>2003-02-11 13:55:38 +0000
commitcb0cbed40a74b72b1db1a5755052d691a5865e70 (patch)
tree74e60a2cc6151e441170cb3706ce14c7db6032ea
parentUpdate to 0.6.2. (diff)
Add a patch that fixes this particular misuse of strcat().
Remove the FORBIDDEN keyword with some apprehension: there might well be other holes left :( Bump PORTREVISION for the applied bug (and security-) fix.
Notes
Notes: svn path=/head/; revision=75296
-rw-r--r--games/nethack34/Makefile3
-rw-r--r--games/nethack34/files/patch-ah20
2 files changed, 21 insertions, 2 deletions
diff --git a/games/nethack34/Makefile b/games/nethack34/Makefile
index ec39bc926874..7e64da7e2cda 100644
--- a/games/nethack34/Makefile
+++ b/games/nethack34/Makefile
@@ -7,6 +7,7 @@
PORTNAME= nethack
PORTVERSION= 3.4.0
+PORTREVISION= 1
CATEGORIES?= games
MASTER_SITES= ftp://ftp.nethack.org/pub/nethack/nh${PORTVERSION:S/.//g}/src/
DISTNAME= ${PORTNAME}-${PORTVERSION:S/.//g}
@@ -14,8 +15,6 @@ EXTRACT_SUFX= .tgz
MAINTAINER?= ports@freebsd.org
-FORBIDDEN= "Possibly exploitable local buffer overflow, see http://online.securityfocus.com/archive/1/311172/2003-02-08/2003-02-14/0 for more information"
-
WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION}
USE_REINPLACE= yes
diff --git a/games/nethack34/files/patch-ah b/games/nethack34/files/patch-ah
new file mode 100644
index 000000000000..a21918f7a656
--- /dev/null
+++ b/games/nethack34/files/patch-ah
@@ -0,0 +1,20 @@
+--- src/topten.c Thu Mar 21 01:43:19 2002
++++ src/topten.c Tue Feb 11 15:36:23 2003
+@@ -855,8 +855,15 @@
+ if (playerct < 1) Strcat(pbuf, "you.");
+ else {
+ if (playerct > 1) Strcat(pbuf, "any of ");
+- for (i = 0; i < playerct; i++) {
+- Strcat(pbuf, players[i]);
++ for (i = 0; i < playerct && strlen(pbuf) < sizeof(pbuf) - 2;
++ i++) {
++ size_t len = strlen(pbuf), rest;
++ if (strlen(players[i]) > sizeof(pbuf) - len - 2) {
++ rest = sizeof(pbuf) - strlen(pbuf) - 2;
++ memcpy(pbuf + len, players[i], rest);
++ pbuf[len + rest] = '\0';
++ } else
++ Strcat(pbuf, players[i]);
+ if (i < playerct-1) {
+ if (players[i][0] == '-' &&
+ index("pr", players[i][1]) && players[i][2] == 0)
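Review bot: The `- 2` reserve used in the new loop bound and in the truncation branch is unexplained, and the separator `Strcat` after the name (its body continues past the end of this hunk) stays unbounded and is safe only because of that reserve. A comment above the `for`, such as `/* keep 2 bytes free: one separator character plus the terminating NUL */`, would make the dependency visible; it holds only if every separator appended below is a single character, which cannot be confirmed from these lines. `rest` recomputes `strlen(pbuf)` although `len` already holds it, so `rest = sizeof(pbuf) - len - 2;` is equivalent and easier to check against the `if` condition. `sizeof(pbuf)` is a valid bound only if `pbuf` is declared as an array in this function, and that declaration is outside the hunk. The unchanged `Strcat(pbuf, "you.")` and `Strcat(pbuf, "any of ")` calls before the loop are still unchecked and rely on how full the buffer is on entry, which is also not visible here.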