diff options
author | Peter Pentchev <roam@FreeBSD.org> | 2003-02-11 13:55:38 +0000 |
---|---|---|
committer | Peter Pentchev <roam@FreeBSD.org> | 2003-02-11 13:55:38 +0000 |
commit | cb0cbed40a74b72b1db1a5755052d691a5865e70 (patch) | |
tree | 74e60a2cc6151e441170cb3706ce14c7db6032ea /games/nethack34 | |
parent | Update to 0.6.2. (diff) |
Add a patch that fixes this particular misuse of strcat().
Remove the FORBIDDEN keyword with some apprehension: there might well
be other holes left :(
Bump PORTREVISION for the applied bug (and security-) fix.
Notes
Notes:
svn path=/head/; revision=75296
Diffstat (limited to 'games/nethack34')
-rw-r--r-- | games/nethack34/Makefile | 3 | ||||
-rw-r--r-- | games/nethack34/files/patch-ah | 20 |
2 files changed, 21 insertions, 2 deletions
diff --git a/games/nethack34/Makefile b/games/nethack34/Makefile index ec39bc926874..7e64da7e2cda 100644 --- a/games/nethack34/Makefile +++ b/games/nethack34/Makefile @@ -7,6 +7,7 @@ PORTNAME= nethack PORTVERSION= 3.4.0 +PORTREVISION= 1 CATEGORIES?= games MASTER_SITES= ftp://ftp.nethack.org/pub/nethack/nh${PORTVERSION:S/.//g}/src/ DISTNAME= ${PORTNAME}-${PORTVERSION:S/.//g} @@ -14,8 +15,6 @@ EXTRACT_SUFX= .tgz MAINTAINER?= ports@freebsd.org -FORBIDDEN= "Possibly exploitable local buffer overflow, see http://online.securityfocus.com/archive/1/311172/2003-02-08/2003-02-14/0 for more information" - WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION} USE_REINPLACE= yes diff --git a/games/nethack34/files/patch-ah b/games/nethack34/files/patch-ah new file mode 100644 index 000000000000..a21918f7a656 --- /dev/null +++ b/games/nethack34/files/patch-ah @@ -0,0 +1,20 @@ +--- src/topten.c Thu Mar 21 01:43:19 2002 ++++ src/topten.c Tue Feb 11 15:36:23 2003 +@@ -855,8 +855,15 @@ + if (playerct < 1) Strcat(pbuf, "you."); + else { + if (playerct > 1) Strcat(pbuf, "any of "); +- for (i = 0; i < playerct; i++) { +- Strcat(pbuf, players[i]); ++ for (i = 0; i < playerct && strlen(pbuf) < sizeof(pbuf) - 2; ++ i++) { ++ size_t len = strlen(pbuf), rest; ++ if (strlen(players[i]) > sizeof(pbuf) - len - 2) { ++ rest = sizeof(pbuf) - strlen(pbuf) - 2; ++ memcpy(pbuf + len, players[i], rest); ++ pbuf[len + rest] = '\0'; ++ } else ++ Strcat(pbuf, players[i]); + if (i < playerct-1) { + if (players[i][0] == '-' && + index("pr", players[i][1]) && players[i][2] == 0) |