rpms/bzflag/devel bzflag-2.0.4-stringdos.patch, NONE, 1.1 bzflag.spec, 1.19, 1.20 bzflag-2.0.2-isoc++.patch, 1.1, NONE
Nils Philippsen (nphilipp)
fedora-extras-commits at redhat.com
Wed Dec 28 12:07:20 UTC 2005
Author: nphilipp
Update of /cvs/extras/rpms/bzflag/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv22052
Modified Files:
bzflag.spec
Added Files:
bzflag-2.0.4-stringdos.patch
Removed Files:
bzflag-2.0.2-isoc++.patch
Log Message:
don't crash on maliciously formed callsign, etc. strings (#176626, patch backported from upstream CVS)
bzflag-2.0.4-stringdos.patch:
--- NEW FILE bzflag-2.0.4-stringdos.patch ---
--- bzflag-2.0.4.20050930/src/game/PlayerInfo.cxx.stringdos 2005-09-28 02:24:42.000000000 +0200
+++ bzflag-2.0.4.20050930/src/game/PlayerInfo.cxx 2005-12-28 12:39:57.000000000 +0100
@@ -108,6 +108,12 @@
buf = nboUnpackString(buf, email, EmailLen);
buf = nboUnpackString(buf, token, TokenLen);
buf = nboUnpackString(buf, clientVersion, VersionLen);
+
+ // terminate the strings
+ callSign[CallSignLen - 1] = '\0';
+ email[EmailLen - 1] = '\0';
+ token[TokenLen - 1] = '\0';
+ clientVersion[VersionLen - 1] = '\0';
cleanEMail();
DEBUG2("Player %s [%d] sent version string: %s\n",
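Review bot: The four forced terminators added after the `nboUnpackString` calls silently truncate any field that fills its whole buffer, so a packet with a full-length, unterminated callsign, email, token or version string is accepted with its last byte overwritten instead of being rejected or logged. Consider checking each field for a NUL after unpacking and refusing the packet when none is found, or at least emitting a debug message before `cleanEMail()` runs. The unpack of `callSign` lies above the visible context, so confirm it reads `CallSignLen` bytes into a buffer of that size, as the three visible calls do for their fields. The comment `// terminate the strings` would also be more useful if it said why: the fields come off the network and are not guaranteed to be NUL-terminated.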
Index: bzflag.spec
===================================================================
RCS file: /cvs/extras/rpms/bzflag/devel/bzflag.spec,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -r1.19 -r1.20
--- bzflag.spec 25 Nov 2005 12:15:09 -0000 1.19
+++ bzflag.spec 28 Dec 2005 12:07:01 -0000 1.20
@@ -7,14 +7,14 @@
Summary: 3D multi-player tank battle game
Name: bzflag
Version: 2.0.4
-Release: 1
+Release: 2
License: GPL
Group: Amusements/Games
URL: http://bzflag.org
Source0: http://ftp.bzflag.org/bzflag/bzflag-%{version}%{?date:.%{date}}.tar.bz2
Source1: bzflag.desktop
Patch0: bzflag-2.0.4-lookup.patch
-Patch1: bzflag-2.0.2-isoc++.patch
+Patch1: bzflag-2.0.4-stringdos.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-root-%(%{__id_u} -n)
%if %_modular_X
BuildRequires: libXi-devel
@@ -48,7 +48,8 @@
%prep
%setup -q -n %{name}-%{version}%{?date:.%{date}}
-%patch0 -p1 -b .isoc++
+%patch0 -p1 -b .lookup
+%patch1 -p1 -b .stringdos
%build
# Use PIE because bzflag/bzfs are networked server applications
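Review bot: The `%patch0` backup suffix change from `.isoc++` to `.lookup` is a separate cleanup riding along with the security fix, and the log message does not mention it. The removed lines in this hunk also show no `%patch1` line, so the old Patch1 appears to have been declared without being applied in this part of `%prep`; say so in the commit message so that a later reader does not assume applied code was dropped.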
@@ -93,6 +94,10 @@
%{_mandir}/man*/*
%changelog
+* Wed Dec 28 2005 Nils Philippsen <nphilipp at redhat.com> 2.0.4-2
+- don't crash on maliciously formed callsign, etc. strings (#176626, patch
+ backported from upstream CVS)
+
* Mon Nov 21 2005 Nils Philippsen <nphilipp at redhat.com> 2.0.4-1
- version 2.0.4
- update lookup patch
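Review bot: The new 2.0.4-2 changelog entry records only the string fix and leaves out the removal of `bzflag-2.0.2-isoc++.patch` and the reuse of the Patch1 slot. Add a second bullet for the dropped patch so the package history explains why the file disappeared.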
--- bzflag-2.0.2-isoc++.patch DELETED ---