From 964a2d34b26075e44c9f996c3e74f5dc35d8efbc Mon Sep 17 00:00:00 2001
From: joey
Date: Fri, 7 Apr 2006 00:14:04 +0000
Subject: [PATCH] releasing version 2.17-7
git-svn-id: file:///srv/svn/joey/trunk/src/packages/bsdgames@12404 a4a2c43b-8ac3-0310-8836-e0e880c912e2
---
 debian/changelog | 8 ++++++++
 dm/dm.c | 6 +++---
 sail/pl_main.c | 2 +-
 3 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index ccf383d..ec9f208 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+bsdgames (2.17-7) unstable; urgency=medium
+
+ * sail: Fix a scanf buffer overrun in initial broadside prompt code,
+ possibly exploitable. Closes: #360989
+ * dm: Fix some other, non exploitable scanf buffer overruns.
+
+ -- Joey Hess Thu, 6 Apr 2006 19:59:35 -0400
+
 bsdgames (2.17-6) unstable; urgency=medium * tetris-bsd: Apply patch from gentoo to fix input validation in score
diff --git a/dm/dm.c b/dm/dm.c
index c131904..16129d8 100644
--- a/dm/dm.c
+++ b/dm/dm.c
@@ -134,19 +134,19 @@ read_config()
 while (fgets(lbuf, sizeof(lbuf), cfp)) switch (*lbuf) { case 'b': /* badtty */
- if (sscanf(lbuf, "%s%s", f1, f2) != 2 ||
+ if (sscanf(lbuf, "%39s%39s", f1, f2) != 2 ||
 strcasecmp(f1, "badtty")) break; c_tty(f2); break; case 'g': /* game */
- if (sscanf(lbuf, "%s%s%s%s%s",
+ if (sscanf(lbuf, "%39s%39s%39s%39s%39s",
 f1, f2, f3, f4, f5) != 5 || strcasecmp(f1, "game")) break; c_game(f2, f3, f4, f5); break; case 't': /* time */
- if (sscanf(lbuf, "%s%s%s%s", f1, f2, f3, f4) != 4 ||
+ if (sscanf(lbuf, "%39s%39s%39s%39s", f1, f2, f3, f4) != 4 ||
 strcasecmp(f1, "time")) break; c_day(f2, f3, f4);
diff --git a/sail/pl_main.c b/sail/pl_main.c
index 6183420..b8b26b1 100644
--- a/sail/pl_main.c
+++ b/sail/pl_main.c
@@ -219,7 +219,7 @@ reprint:
 printf("\nInitial broadside %s (grape, chain, round, double): ", n ? "right" : "left"); fflush(stdout);
- scanf("%s", buf);
+ scanf("%9s", buf);
 switch (*buf) { case 'g': load = L_GRAPE;
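Review bot: The `39` in each `%39s` of the dm/dm.c hunk is a bare literal that must stay equal to the size of `f1`..`f5` minus one, and those declarations are outside the hunk, so the bound cannot be confirmed from the changed lines. A comment at the first `sscanf`, such as `/* field widths must equal sizeof(f1) - 1 */`, would keep the format strings and the buffers from drifting apart. A token longer than 39 characters is now split across two conversions instead of being rejected, so in the `game` and `time` cases the field count can still match while the later fields reach `c_game()`/`c_day()` shifted by one; if the config file is not fully trusted, a line whose token fills its buffer should be skipped. read_config() starts and ends outside the hunk.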
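Review bot: The return value of `scanf("%9s", buf)` in the sail/pl_main.c hunk is still ignored, so on end-of-file or a read error `buf` keeps whatever it held before and `switch (*buf)` acts on stale or uninitialised data; `if (scanf("%9s", buf) != 1)` followed by an explicit exit path would cover that case. The width `9` presumably matches a 10-byte `buf`, but the declaration is outside the hunk, so the relation should be confirmed and noted in a comment next to the call. With the bound in place, any characters past the ninth remain in stdin and are read as the answer to the next prompt. The enclosing function starts and ends outside the hunk.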