File crafty-23.2-security-203541.patch of Package crafty

Overview Repositories Revisions Requests Users Attributes Meta

File crafty-23.2-security-203541.patch of Package crafty

Index: main.c
===================================================================
--- main.c.orig
+++ main.c
@@ -4308,7 +4308,10 @@ int main(int argc, char **argv) {
     for (i = 1; i < argc; i++) {
       if (strstr(argv[i], "path") || strstr(argv[i], "log") ||
           strstr(argv[1], "affinity")) {
-        strcpy(buffer, argv[i]);
+        //This is a security flaw (see http://bugs.debian.org/203541
+        //strcpy(buffer, argv[i]);
+        memset(buffer,'\0',sizeof(buffer));
+        strncpy(buffer,argv[i],sizeof(buffer)-1);
         result = Option(tree);
         if (result == 0)
           Print(2048, "ERROR \"%s\" is unknown command-line option\n",
@@ -4328,11 +4331,16 @@ int main(int argc, char **argv) {
  */
 #if defined(UNIX)
   input_stream = fopen(".craftyrc", "r");
-  if (!input_stream)
+  if (!input_stream) {
     if ((pwd = getpwuid(getuid()))) {
       sprintf(path, "%s/.craftyrc", pwd->pw_dir);
       input_stream = fopen(path, "r");
     }
+    if (!input_stream) {
+      sprintf (path, "%s/crafty.rc", rc_path);
+      input_stream = fopen (path, "r");
+    }
+  }
   if (input_stream)
 #else
   sprintf(crafty_rc_file_spec, "%s/crafty.rc", rc_path);
@@ -4375,7 +4383,10 @@ int main(int argc, char **argv) {
             Print(-1, "ERROR ignoring token %s, 255 character max\n",
                 argv[i]);
           else {
-            strcpy(buffer, argv[i]);
+            //This is a security flaw (see http://bugs.debian.org/203541
+	    //strcpy(buffer, argv[i]);
+	    memset(buffer,'\0',sizeof(buffer));
+	    strncpy(buffer,argv[i],sizeof(buffer)-1);
             Print(32, "(info) command line option \"%s\"\n", buffer);
             result = Option(tree);
             if (result == 0)

Places

File crafty-23.2-security-203541.patch of Package crafty

Places