File CVE-2015-8972.patch of Package gnuchess
From: aceballos
Date: Tue Sep 20 21:35:52 2016 UTC
Subject: Truncate user input if longer than 128 characters; otherwise, the program will crash.
References: boo#1010143 CVE-2015-8972
Upstream: committed
Index: trunk/src/frontend/move.cc
===================================================================
--- trunk/src/frontend/move.cc (revision 133)
+++ trunk/src/frontend/move.cc (revision 134)
@@ -542,6 +542,11 @@
BitBoard b, b2;
leaf *n1, *n2;
+ /* User input could be longer than MAXSTR */
+ if ( strlen(s) >= MAXSTR ) {
+ s[MAXSTR-1] = '\0';
+ }
+
TreePtr[2] = TreePtr[1];
GenMoves (1);
FilterIllegalMoves (1);