From fd2065fbf2faac3a070e6d9f3aa8a10e6f53c0b6 Mon Sep 17 00:00:00 2001 From: joey Date: Thu, 6 Apr 2006 23:29:15 +0000 Subject: [PATCH] releasing version 2.17-6 git-svn-id: file:///srv/svn/joey/trunk/src/packages/bsdgames@12402 a4a2c43b-8ac3-0310-8836-e0e880c912e2 --- debian/changelog | 7 +++++++ tetris/scores.c | 19 +++++++++++-------- 2 files changed, 18 insertions(+), 8 deletions(-) diff --git a/debian/changelog b/debian/changelog index 9470bd1..ccf383d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +bsdgames (2.17-6) unstable; urgency=medium + + * tetris-bsd: Apply patch from gentoo to fix input validation in score + reading code to avoid stack overflow, and . Closes: # (CVE-2006-1539) + + -- Joey Hess Thu, 6 Apr 2006 18:58:10 -0400 + bsdgames (2.17-5) unstable; urgency=low * Deal with removal of wenglish package. Closes: #345975 diff --git a/tetris/scores.c b/tetris/scores.c index d731e25..753f88b 100644 --- a/tetris/scores.c +++ b/tetris/scores.c @@ -335,7 +335,8 @@ checkscores(hs, num) continue; } } - levelfound[sp->hs_level] = 1; + if (sp->hs_level < NLEVELS && sp->hs_level >= 0) + levelfound[sp->hs_level] = 1; i++, sp++; } return (num > MAXHISCORES ? MAXHISCORES : num); @@ -374,12 +375,14 @@ showscores(level) for (i = MINLEVEL; i < NLEVELS; i++) levelfound[i] = 0; for (i = 0, sp = scores; i < nscores; i++, sp++) { - if (levelfound[sp->hs_level]) - sp->hs_time = 0; - else { - sp->hs_time = 1; - levelfound[sp->hs_level] = 1; - } + if (sp->hs_level < NLEVELS && sp->hs_level >= 0) { + if (levelfound[sp->hs_level]) + sp->hs_time = 0; + else { + sp->hs_time = 1; + levelfound[sp->hs_level] = 1; + } + } } /* @@ -433,7 +436,7 @@ printem(level, offset, hs, n, me) continue; } sp = &hs[item]; - (void)sprintf(buf, + (void)snprintf(buf, sizeof(buf), "%3d%c %6d %-11s (%6d on %d)", item + offset, sp->hs_time ? '*' : ' ', sp->hs_score * sp->hs_level,