rpms/bzflag/FC-4 bzflag-2.0.4-stringdos.patch, NONE, 1.1 bzflag.spec, 1.16, 1.17 bzflag-2.0.2-isoc++.patch, 1.1, NONE

Nils Philippsen (nphilipp) fedora-extras-commits at redhat.com
Wed Dec 28 12:25:51 UTC 2005


Author: nphilipp

Update of /cvs/extras/rpms/bzflag/FC-4
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv22325

Modified Files:
	bzflag.spec 
Added Files:
	bzflag-2.0.4-stringdos.patch 
Removed Files:
	bzflag-2.0.2-isoc++.patch 
Log Message:
don't crash on maliciously formed callsign, etc. strings (#176626, patch backported from upstream CVS)


bzflag-2.0.4-stringdos.patch:

--- NEW FILE bzflag-2.0.4-stringdos.patch ---
--- bzflag-2.0.4.20050930/src/game/PlayerInfo.cxx.stringdos	2005-09-28 02:24:42.000000000 +0200
+++ bzflag-2.0.4.20050930/src/game/PlayerInfo.cxx	2005-12-28 12:39:57.000000000 +0100
@@ -108,6 +108,12 @@
   buf = nboUnpackString(buf, email, EmailLen);
   buf = nboUnpackString(buf, token, TokenLen);
   buf = nboUnpackString(buf, clientVersion, VersionLen);
+
+  // terminate the strings
+  callSign[CallSignLen - 1] = '\0';
+  email[EmailLen - 1] = '\0';
+  token[TokenLen - 1] = '\0';
+  clientVersion[VersionLen - 1] = '\0';
   cleanEMail();
 
   DEBUG2("Player %s [%d] sent version string: %s\n",
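Review bot: The comment "terminate the strings" above the four added assignments does not say why they are needed; spell out that these fields arrive from the network peer and may fill the buffer without a NUL, which is what the %s in the DEBUG2 call below would then read past. The unpack of callSign is outside the visible context, so confirm it is bounded by CallSignLen like the email, token and clientVersion calls shown here. Forcing the last byte to '\0' silently truncates an over-long value; if other callers of nboUnpackString treat the result as a C string, consider terminating in one helper rather than per call site.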


Index: bzflag.spec
===================================================================
RCS file: /cvs/extras/rpms/bzflag/FC-4/bzflag.spec,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- bzflag.spec	29 Nov 2005 12:33:38 -0000	1.16
+++ bzflag.spec	28 Dec 2005 12:25:50 -0000	1.17
@@ -7,14 +7,14 @@
 Summary: 3D multi-player tank battle game
 Name: bzflag
 Version: 2.0.4
-Release: 0.fc4.2
+Release: 0.fc4.3
 License: GPL
 Group: Amusements/Games
 URL: http://bzflag.org
 Source0: http://ftp.bzflag.org/bzflag/bzflag-%{version}%{?date:.%{date}}.tar.bz2
 Source1: bzflag.desktop
 Patch0: bzflag-2.0.4-lookup.patch
-Patch1: bzflag-2.0.2-isoc++.patch
+Patch1: bzflag-2.0.2-stringdos.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-root-%(%{__id_u} -n)
 %if %_modular_X
 BuildRequires: libXi-devel
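Review bot: The new Patch1 line names bzflag-2.0.2-stringdos.patch, but the file added in this commit is bzflag-2.0.4-stringdos.patch, so the build will not find the patch source. Change the line to "Patch1: bzflag-2.0.4-stringdos.patch" so it matches the added file.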
@@ -48,7 +48,7 @@
 
 %prep
 %setup -q -n %{name}-%{version}%{?date:.%{date}}
-%patch0 -p1 -b .isoc++
+%patch0 -p1 -b .stringdos
 
 %build
 # Use PIE because bzflag/bzfs are networked server applications
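Review bot: In %prep the changed line is still "%patch0", which applies Patch0 (bzflag-2.0.4-lookup.patch) and only renames its backup suffix to .stringdos; nothing in the visible %prep applies Patch1, so the string termination fix would not reach the built package. Add "%patch1 -p1 -b .stringdos" and give the %patch0 line a suffix that matches the lookup patch.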
@@ -93,6 +93,10 @@
 %{_mandir}/man*/*
 
 %changelog
+* Wed Dec 28 2005 Nils Philippsen <nphilipp at redhat.com> 2.0.4-0.fc4.3
+- don't crash on maliciously formed callsign, etc. strings (#176626, patch
+  backported from upstream CVS)
+
 * Tue Nov 29 2005 Nils Philippsen <nphilipp at redhat.com> 2.0.4-0.fc4.2
 - bump release to make build system build
 


--- bzflag-2.0.2-isoc++.patch DELETED ---



