417f3d494f
* gnu/packages/patches/xboing-CVE-2004-0149: New file. * gnu/packages/games.scm (xboing)[source]: Add patch. * gnu/local.mk (dist_patch_DATA): Register it.
134 lines
4.5 KiB
Diff
134 lines
4.5 KiB
Diff
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0149
|
|
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=174924
|
|
---
|
|
demo.c | 2 +-
|
|
editor.c | 12 ++++++------
|
|
file.c | 2 +-
|
|
highscore.c | 6 +++---
|
|
misc.c | 2 +-
|
|
preview.c | 2 +-
|
|
6 files changed, 13 insertions(+), 13 deletions(-)
|
|
|
|
diff --git a/demo.c b/demo.c
|
|
index 9084e70..f4fc2cd 100644
|
|
--- a/demo.c
|
|
+++ b/demo.c
|
|
@@ -154,7 +154,7 @@ static void DoBlocks(display, window)
|
|
|
|
/* Construct the demo level filename */
|
|
if ((str = getenv("XBOING_LEVELS_DIR")) != NULL)
|
|
- sprintf(levelPath, "%s/demo.data", str);
|
|
+ snprintf(levelPath, sizeof(levelPath),"%s/demo.data", str);
|
|
else
|
|
sprintf(levelPath, "%s/demo.data", LEVEL_INSTALL_DIR);
|
|
|
|
diff --git a/editor.c b/editor.c
|
|
index f2bb9ed..66d0679 100644
|
|
--- a/editor.c
|
|
+++ b/editor.c
|
|
@@ -213,7 +213,7 @@ static void DoLoadLevel(display, window)
|
|
|
|
/* Construct the Edit level filename */
|
|
if ((str = getenv("XBOING_LEVELS_DIR")) != NULL)
|
|
- sprintf(levelPath, "%s/editor.data", str);
|
|
+ snprintf(levelPath,sizeof(levelPath)-1, "%s/editor.data", str);
|
|
else
|
|
sprintf(levelPath, "%s/editor.data", LEVEL_INSTALL_DIR);
|
|
|
|
@@ -958,8 +958,8 @@ static void LoadALevel(display)
|
|
if ((num > 0) && (num <= MAX_NUM_LEVELS))
|
|
{
|
|
/* Construct the Edit level filename */
|
|
- if ((str2 = getenv("XBOING_LEVELS_DIR")) != NULL)
|
|
- sprintf(levelPath, "%s/level%02ld.data", str2, (u_long) num);
|
|
+ if ((str2 = getenv("XBOING_LEVELS_DIR")) != NULL)
|
|
+ snprintf(levelPath, sizeof(levelPath)-1,"%s/level%02ld.data", str2, (u_long) num);
|
|
else
|
|
sprintf(levelPath, "%s/level%02ld.data",
|
|
LEVEL_INSTALL_DIR, (u_long) num);
|
|
@@ -1017,9 +1017,9 @@ static void SaveALevel(display)
|
|
num = atoi(str);
|
|
if ((num > 0) && (num <= MAX_NUM_LEVELS))
|
|
{
|
|
- /* Construct the Edit level filename */
|
|
- if ((str2 = getenv("XBOING_LEVELS_DIR")) != NULL)
|
|
- sprintf(levelPath, "%s/level%02ld.data", str2, (u_long) num);
|
|
+ /* Construct the Edit level filename */
|
|
+ if ((str2 = getenv("XBOING_LEVELS_DIR")) != NULL)
|
|
+ snprintf(levelPath, sizeof(levelPath)-1,"%s/level%02ld.data", str2, (u_long) num);
|
|
else
|
|
sprintf(levelPath, "%s/level%02ld.data",
|
|
LEVEL_INSTALL_DIR, (u_long) num);
|
|
diff --git a/file.c b/file.c
|
|
index 4c043cd..99a0854 100644
|
|
--- a/file.c
|
|
+++ b/file.c
|
|
@@ -139,7 +139,7 @@ void SetupStage(display, window)
|
|
|
|
/* Construct the level filename */
|
|
if ((str = getenv("XBOING_LEVELS_DIR")) != NULL)
|
|
- sprintf(levelPath, "%s/level%02ld.data", str, newLevel);
|
|
+ snprintf(levelPath,sizeof(levelPath), "%s/level%02ld.data", str, newLevel);
|
|
else
|
|
sprintf(levelPath, "%s/level%02ld.data", LEVEL_INSTALL_DIR, newLevel);
|
|
|
|
diff --git a/highscore.c b/highscore.c
|
|
index f0db3e9..792273e 100644
|
|
--- a/highscore.c
|
|
+++ b/highscore.c
|
|
@@ -1023,7 +1023,7 @@ int ReadHighScoreTable(type)
|
|
{
|
|
/* Use the environment variable if it exists */
|
|
if ((str = getenv("XBOING_SCORE_FILE")) != NULL)
|
|
- strcpy(filename, str);
|
|
+ strncpy(filename, str, sizeof(filename)-1);
|
|
else
|
|
strcpy(filename, HIGH_SCORE_FILE);
|
|
}
|
|
@@ -1095,7 +1095,7 @@ int WriteHighScoreTable(type)
|
|
{
|
|
/* Use the environment variable if it exists */
|
|
if ((str = getenv("XBOING_SCORE_FILE")) != NULL)
|
|
- strcpy(filename, str);
|
|
+ strncpy(filename, str, sizeof(filename)-1);
|
|
else
|
|
strcpy(filename, HIGH_SCORE_FILE);
|
|
}
|
|
@@ -1218,7 +1218,7 @@ static int LockUnlock(cmd)
|
|
|
|
/* Use the environment variable if it exists */
|
|
if ((str = getenv("XBOING_SCORE_FILE")) != NULL)
|
|
- strcpy(filename, str);
|
|
+ strncpy(filename, str, sizeof(filename)-1);
|
|
else
|
|
strcpy(filename, HIGH_SCORE_FILE);
|
|
|
|
diff --git a/misc.c b/misc.c
|
|
index f3ab37e..7f3ddce 100644
|
|
--- a/misc.c
|
|
+++ b/misc.c
|
|
@@ -427,7 +427,7 @@ char *GetHomeDir()
|
|
*/
|
|
|
|
if ((ptr = getenv("HOME")) != NULL)
|
|
- (void) strcpy(dest, ptr);
|
|
+ (void) strncpy(dest, ptr,sizeof(dest)-1);
|
|
else
|
|
{
|
|
/* HOME variable is not present so get USER var */
|
|
diff --git a/preview.c b/preview.c
|
|
index 41c1187..687f566 100644
|
|
--- a/preview.c
|
|
+++ b/preview.c
|
|
@@ -139,7 +139,7 @@ static void DoLoadLevel(display, window)
|
|
|
|
/* Construct the Preview level filename */
|
|
if ((str = getenv("XBOING_LEVELS_DIR")) != NULL)
|
|
- sprintf(levelPath, "%s/level%02d.data", str, lnum);
|
|
+ snprintf(levelPath, sizeof(levelPath)-1, "%s/level%02d.data", str, lnum);
|
|
else
|
|
sprintf(levelPath, "%s/level%02d.data", LEVEL_INSTALL_DIR, lnum);
|
|
|
|
--
|
|
2.15.1
|
|
|