releasing version 2.17-7

git-svn-id: file:///srv/svn/joey/trunk/src/packages/bsdgames@12404 a4a2c43b-8ac3-0310-8836-e0e880c912e2
2025-12-20 10:54:48 +00:00 · 2006-04-07 00:14:04 +00:00
parent fd2065fbf2
commit 964a2d34b2
3 changed files with 12 additions and 4 deletions
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+bsdgames (2.17-7) unstable; urgency=medium
+
+  * sail: Fix a scanf buffer overrun in initial broadside prompt code,
+    possibly exploitable. Closes: #360989
+  * dm: Fix some other, non exploitable scanf buffer overruns.
+
+ -- Joey Hess <joeyh@debian.org>  Thu,  6 Apr 2006 19:59:35 -0400
+
 bsdgames (2.17-6) unstable; urgency=medium

  * tetris-bsd: Apply patch from gentoo to fix input validation in score
--- a/dm/dm.c
+++ b/dm/dm.c
@@ -134,19 +134,19 @@ read_config()
 	while (fgets(lbuf, sizeof(lbuf), cfp))
 		switch (*lbuf) {
 		case 'b':		/* badtty */
-			if (sscanf(lbuf, "%s%s", f1, f2) != 2 ||
+			if (sscanf(lbuf, "%39s%39s", f1, f2) != 2 ||
 			    strcasecmp(f1, "badtty"))
 				break;
 			c_tty(f2);
 			break;
 		case 'g':		/* game */
-			if (sscanf(lbuf, "%s%s%s%s%s",
+			if (sscanf(lbuf, "%39s%39s%39s%39s%39s",
 			    f1, f2, f3, f4, f5) != 5 || strcasecmp(f1, "game"))
 				break;
 			c_game(f2, f3, f4, f5);
 			break;
 		case 't':		/* time */
-			if (sscanf(lbuf, "%s%s%s%s", f1, f2, f3, f4) != 4 ||
+			if (sscanf(lbuf, "%39s%39s%39s%39s", f1, f2, f3, f4) != 4 ||
 			    strcasecmp(f1, "time"))
 				break;
 			c_day(f2, f3, f4);
--- a/sail/pl_main.c
+++ b/sail/pl_main.c
@@ -219,7 +219,7 @@ reprint:
 		printf("\nInitial broadside %s (grape, chain, round, double): ",
 			n ? "right" : "left");
 		fflush(stdout);
-		scanf("%s", buf);
+		scanf("%9s", buf);
 		switch (*buf) {
 		case 'g':
 			load = L_GRAPE;