rpms/bzflag/FC-4 bzflag-2.0.4-stringdos.patch, NONE, 1.1 bzflag.spec, 1.16, 1.17 bzflag-2.0.2-isoc++.patch, 1.1, NONE
Nils Philippsen (nphilipp)
fedora-extras-commits at redhat.com
Wed Dec 28 12:25:51 UTC 2005
Author: nphilipp
Update of /cvs/extras/rpms/bzflag/FC-4
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv22325
Modified Files:
bzflag.spec
Added Files:
bzflag-2.0.4-stringdos.patch
Removed Files:
bzflag-2.0.2-isoc++.patch
Log Message:
don't crash on maliciously formed callsign, etc. strings (#176626, patch backported from upstream CVS)
bzflag-2.0.4-stringdos.patch:
--- NEW FILE bzflag-2.0.4-stringdos.patch ---
--- bzflag-2.0.4.20050930/src/game/PlayerInfo.cxx.stringdos 2005-09-28 02:24:42.000000000 +0200
+++ bzflag-2.0.4.20050930/src/game/PlayerInfo.cxx 2005-12-28 12:39:57.000000000 +0100
@@ -108,6 +108,12 @@
buf = nboUnpackString(buf, email, EmailLen);
buf = nboUnpackString(buf, token, TokenLen);
buf = nboUnpackString(buf, clientVersion, VersionLen);
+
+ // terminate the strings
+ callSign[CallSignLen - 1] = '\0';
+ email[EmailLen - 1] = '\0';
+ token[TokenLen - 1] = '\0';
+ clientVersion[VersionLen - 1] = '\0';
cleanEMail();
DEBUG2("Player %s [%d] sent version string: %s\n",
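Review bot: the four assignments after the nboUnpackString calls overwrite the last byte of each buffer unconditionally, so a callsign, email, token or version string that fills its whole field is silently shortened rather than rejected. Since the log message describes these inputs as maliciously formed, consider checking whether a NUL already exists within CallSignLen, EmailLen, TokenLen and VersionLen and dropping or logging the packet when it does not. The fix is also local to this call site: if nboUnpackString is used for fixed-length strings elsewhere, terminating inside the helper or a wrapper would cover those callers too.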
Index: bzflag.spec
===================================================================
RCS file: /cvs/extras/rpms/bzflag/FC-4/bzflag.spec,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- bzflag.spec 29 Nov 2005 12:33:38 -0000 1.16
+++ bzflag.spec 28 Dec 2005 12:25:50 -0000 1.17
@@ -7,14 +7,14 @@
Summary: 3D multi-player tank battle game
Name: bzflag
Version: 2.0.4
-Release: 0.fc4.2
+Release: 0.fc4.3
License: GPL
Group: Amusements/Games
URL: http://bzflag.org
Source0: http://ftp.bzflag.org/bzflag/bzflag-%{version}%{?date:.%{date}}.tar.bz2
Source1: bzflag.desktop
Patch0: bzflag-2.0.4-lookup.patch
-Patch1: bzflag-2.0.2-isoc++.patch
+Patch1: bzflag-2.0.2-stringdos.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-root-%(%{__id_u} -n)
%if %_modular_X
BuildRequires: libXi-devel
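Review bot: the new Patch1 line names bzflag-2.0.2-stringdos.patch, but the file added by this commit is bzflag-2.0.4-stringdos.patch, so the spec points at a source that does not exist in the directory. Change it to "Patch1: bzflag-2.0.4-stringdos.patch" to match the added file.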
@@ -48,7 +48,7 @@
%prep
%setup -q -n %{name}-%{version}%{?date:.%{date}}
-%patch0 -p1 -b .isoc++
+%patch0 -p1 -b .stringdos
%build
# Use PIE because bzflag/bzfs are networked server applications
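Review bot: the changed line is still %patch0, which applies Patch0 (bzflag-2.0.4-lookup.patch); only its backup suffix becomes .stringdos. No %patch1 line is visible between %setup and %build, so as far as this hunk shows the stringdos patch is declared but never applied and the package would build without the fix. Add "%patch1 -p1 -b .stringdos" after the %patch0 line, and give %patch0 a backup suffix that matches the lookup patch.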
@@ -93,6 +93,10 @@
%{_mandir}/man*/*
%changelog
+* Wed Dec 28 2005 Nils Philippsen <nphilipp at redhat.com> 2.0.4-0.fc4.3
+- don't crash on maliciously formed callsign, etc. strings (#176626, patch
+ backported from upstream CVS)
+
* Tue Nov 29 2005 Nils Philippsen <nphilipp at redhat.com> 2.0.4-0.fc4.2
- bump release to make build system build
--- bzflag-2.0.2-isoc++.patch DELETED ---