rpms/freeciv/devel freeciv-2.1.0-buffer-overflow.patch, NONE, 1.1 freeciv.spec, 1.29, 1.30
Brian Pepple (bpepple)
fedora-extras-commits at redhat.com
Sat Nov 24 21:47:22 UTC 2007
Author: bpepple
Update of /cvs/pkgs/rpms/freeciv/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14529
Modified Files:
freeciv.spec
Added Files:
freeciv-2.1.0-buffer-overflow.patch
Log Message:
* Sat Nov 24 2007 Brian Pepple <bpepple at fedoraproject.org> - 2.1.0-2
- Add patch to fix buffer overflow. (#397531)
freeciv-2.1.0-buffer-overflow.patch:
--- NEW FILE freeciv-2.1.0-buffer-overflow.patch ---
--- /trunk/server/savegame.c 2007/11/24 11:33:59 14033
+++ trunk/server/savegame.c 2007/11/24 11:35:19 14034
@@ -3339,16 +3339,17 @@
* Note that the "quoted" format is a multiple of 3.
*/
#define PART_SIZE (3*256)
+#define PART_ADJUST (3)
if (plr->attribute_block.data) {
+ char part[PART_SIZE + PART_ADJUST];
+ int parts;
+ int current_part_nr;
char *quoted = quote_block(plr->attribute_block.data,
plr->attribute_block.length);
char *quoted_at = strchr(quoted, ':');
size_t bytes_left = strlen(quoted);
size_t bytes_at_colon = 1 + (quoted_at - quoted);
- size_t bytes_adjust = bytes_at_colon % 3;
- int current_part_nr;
- int parts;
- char part[PART_SIZE + 1];
+ size_t bytes_adjust = bytes_at_colon % PART_ADJUST;
secfile_insert_int(file, plr->attribute_block.length,
"player%d.attribute_v2_block_length", plrno);
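Review bot: The new `char part[PART_SIZE + PART_ADJUST];` declaration does not say why the slack equals the modulus, although PART_ADJUST now serves as both. Since `bytes_adjust` is `bytes_at_colon % PART_ADJUST`, it is at most PART_ADJUST - 1, which leaves exactly one byte for the terminating NUL if the first part is copied as PART_SIZE + bytes_adjust bytes. That copy is outside this hunk, so the bound is inferred rather than visible here. I would add a comment above the declaration such as `/* longest part is PART_SIZE + bytes_adjust (< PART_ADJUST) bytes, plus the NUL */`, so the sizing does not drift if either macro is changed later. The enclosing function starts and ends outside the hunk.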
@@ -3389,8 +3390,6 @@
for (; current_part_nr < parts; current_part_nr++) {
size_t size_of_current_part = MIN(bytes_left, PART_SIZE);
- assert(bytes_left);
-
memcpy(part, quoted_at, size_of_current_part);
part[size_of_current_part] = '\0';
secfile_insert_str(file, part,
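Review bot: With `assert(bytes_left)` removed, an iteration that starts with `bytes_left == 0` copies zero bytes and stores an empty string as a part, and nothing in the loop records that this is intended. The only consistency check still visible in the patch is `assert(bytes_left == 0)` after the loop, which would not fire in that case. Whether the loader accepts an empty trailing part cannot be seen from here. If it is expected, a comment above the `memcpy` would make that explicit, for example `/* bytes_left may be 0 here: the last part can be empty */`. The loop body continues past the end of the hunk.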
@@ -3403,6 +3402,7 @@
assert(bytes_left == 0);
free(quoted);
}
+#undef PART_ADJUST
#undef PART_SIZE
}
Index: freeciv.spec
===================================================================
RCS file: /cvs/pkgs/rpms/freeciv/devel/freeciv.spec,v
retrieving revision 1.29
retrieving revision 1.30
diff -u -r1.29 -r1.30
--- freeciv.spec 28 Oct 2007 19:39:43 -0000 1.29
+++ freeciv.spec 24 Nov 2007 21:46:48 -0000 1.30
@@ -1,6 +1,6 @@
Name: freeciv
Version: 2.1.0
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: The Freeciv multi-player strategy game
Group: Amusements/Games
@@ -9,6 +9,7 @@
Source0: http://download.sourceforge.net/%{name}/%{name}-%{version}.tar.bz2
Patch1: %{name}-aifill.patch
Patch2: %{name}-%{version}-open.patch
+Patch3: %{name}-%{version}-buffer-overflow.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: gtk2-devel
@@ -34,6 +35,7 @@
%setup -q -n %{name}-%{version}
%patch1 -p1 -b .aifill
%patch2 -p1 -b .open
+%patch3 -p1 -b .buffer
%build
@@ -98,6 +100,9 @@
%changelog
+* Sat Nov 24 2007 Brian Pepple <bpepple at fedoraproject.org> - 2.1.0-2
+- Add patch to fix buffer overflow. (#397531)
+
* Sun Oct 28 2007 Brian Pepple <bpepple at fedoraproject.org> - 2.1.0-1
- Update to 2.1.0.
- Update urls.