File CVE-2015-8972.patch of Package gnuchess

From: aceballos
Date: Tue Sep 20 21:35:52 2016 UTC
Subject: Truncate user input if longer than 128 characters; otherwise, the program will crash.
References: boo#1010143 CVE-2015-8972
Upstream: committed

Index: trunk/src/frontend/move.cc
===================================================================
--- trunk/src/frontend/move.cc	(revision 133)
+++ trunk/src/frontend/move.cc	(revision 134)
@@ -542,6 +542,11 @@
    BitBoard b, b2;
    leaf *n1, *n2;
 
+   /* User input could be longer than MAXSTR */
+   if ( strlen(s) >= MAXSTR ) {
+      s[MAXSTR-1] = '\0';
+   }
+
    TreePtr[2] = TreePtr[1];
    GenMoves (1);
    FilterIllegalMoves (1);
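
Review bot: The added check at `if ( strlen(s) >= MAXSTR )` silently truncates the caller's string in place rather than rejecting it, so an over-long input still goes on to move parsing as a shortened string that may not be what the user typed. Consider treating input of MAXSTR or more characters as invalid and returning before `TreePtr[2] = TreePtr[1];`, so the user gets an error instead of a move parsed from a cut-off string. If truncation is kept, the comment should name the MAXSTR-sized buffer that `s` is later copied into, since that copy is outside this hunk and the 128-character limit in the subject line cannot be confirmed from `MAXSTR` here. Writing `s[MAXSTR-1] = '\0';` also modifies the argument, so every caller has to pass a writable buffer, which is worth stating in the comment.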