rpms/freeciv/devel freeciv-2.1.0-buffer-overflow.patch, NONE, 1.1 freeciv.spec, 1.29, 1.30

Brian Pepple (bpepple) fedora-extras-commits at redhat.com
Sat Nov 24 21:47:22 UTC 2007


Author: bpepple

Update of /cvs/pkgs/rpms/freeciv/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14529

Modified Files:
	freeciv.spec 
Added Files:
	freeciv-2.1.0-buffer-overflow.patch 
Log Message:
* Sat Nov 24 2007 Brian Pepple <bpepple at fedoraproject.org> - 2.1.0-2
- Add patch to fix buffer overflow. (#397531)


freeciv-2.1.0-buffer-overflow.patch:

--- NEW FILE freeciv-2.1.0-buffer-overflow.patch ---
--- /trunk/server/savegame.c	2007/11/24 11:33:59	14033
+++ trunk/server/savegame.c	2007/11/24 11:35:19	14034
@@ -3339,16 +3339,17 @@
    * Note that the "quoted" format is a multiple of 3.
    */
 #define PART_SIZE (3*256)
+#define PART_ADJUST (3)
   if (plr->attribute_block.data) {
+    char part[PART_SIZE + PART_ADJUST];
+    int parts;
+    int current_part_nr;
     char *quoted = quote_block(plr->attribute_block.data,
 			       plr->attribute_block.length);
     char *quoted_at = strchr(quoted, ':');
     size_t bytes_left = strlen(quoted);
     size_t bytes_at_colon = 1 + (quoted_at - quoted);
-    size_t bytes_adjust = bytes_at_colon % 3;
-    int current_part_nr;
-    int parts;
-    char part[PART_SIZE + 1];
+    size_t bytes_adjust = bytes_at_colon % PART_ADJUST;
 
     secfile_insert_int(file, plr->attribute_block.length,
 		       "player%d.attribute_v2_block_length", plrno);
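Review bot: The new `char part[PART_SIZE + PART_ADJUST];` is sized with no slack, and nothing in the hunk documents or enforces the invariant it depends on: `bytes_adjust` is `bytes_at_colon % PART_ADJUST`, so at most 2, which makes the largest part plus its NUL exactly `PART_SIZE + PART_ADJUST` bytes. `PART_ADJUST` also does double duty as the 3-byte unit of the quoted format and as buffer headroom, so I would add a comment on the declaration such as `/* room for PART_SIZE + bytes_adjust (< PART_ADJUST) bytes plus the terminating NUL */`. The copy that uses `bytes_adjust` sits between this hunk and the next and is not visible here, so its length cannot be confirmed; an `assert(size_of_current_part < sizeof(part));` ahead of each `memcpy` into `part` would make the bound checked rather than assumed. Separately, `quoted_at` from `strchr(quoted, ':')` goes straight into pointer arithmetic on the following line without a NULL check, which is only safe if `quote_block` always emits a colon. The enclosing function begins and ends outside this hunk.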
@@ -3389,8 +3390,6 @@
     for (; current_part_nr < parts; current_part_nr++) {
       size_t size_of_current_part = MIN(bytes_left, PART_SIZE);
 
-      assert(bytes_left);
-
       memcpy(part, quoted_at, size_of_current_part);
       part[size_of_current_part] = '\0';
       secfile_insert_str(file, part,
@@ -3403,6 +3402,7 @@
     assert(bytes_left == 0);
     free(quoted);
   }
+#undef PART_ADJUST
 #undef PART_SIZE
 }


Index: freeciv.spec
===================================================================
RCS file: /cvs/pkgs/rpms/freeciv/devel/freeciv.spec,v
retrieving revision 1.29
retrieving revision 1.30
diff -u -r1.29 -r1.30
--- freeciv.spec	28 Oct 2007 19:39:43 -0000	1.29
+++ freeciv.spec	24 Nov 2007 21:46:48 -0000	1.30
@@ -1,6 +1,6 @@
 Name:           freeciv
 Version:        2.1.0
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        The Freeciv multi-player strategy game
 
 Group:          Amusements/Games
@@ -9,6 +9,7 @@
 Source0:        http://download.sourceforge.net/%{name}/%{name}-%{version}.tar.bz2
 Patch1:		%{name}-aifill.patch
 Patch2:		%{name}-%{version}-open.patch
+Patch3:		%{name}-%{version}-buffer-overflow.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 BuildRequires:  gtk2-devel
@@ -34,6 +35,7 @@
 %setup -q -n %{name}-%{version}
 %patch1 -p1 -b .aifill
 %patch2 -p1 -b .open
+%patch3 -p1 -b .buffer
 
 
 %build
@@ -98,6 +100,9 @@
 
 
 %changelog
+* Sat Nov 24 2007 Brian Pepple <bpepple at fedoraproject.org> - 2.1.0-2
+- Add patch to fix buffer overflow. (#397531)
+
 * Sun Oct 28 2007 Brian Pepple <bpepple at fedoraproject.org> - 2.1.0-1
 - Update to 2.1.0.
 - Update urls.



