File crafty-23.2-security-203541.patch of Package crafty
--- main.c.orig 2010-03-04 03:11:14.000000000 +0100 +++ main.c 2010-03-06 22:34:46.000000000 +0100 @@ -3888,7 +3888,10 @@ if (argc > 1) { for (i = 1; i < argc; i++) { if (strstr(argv[i], "path") || strstr(argv[i], "log")) { - strcpy(buffer, argv[i]); + //This is a security flaw (see http://bugs.debian.org/203541 + //strcpy(buffer, argv[i]); + memset(buffer,'\0',sizeof(buffer)); + strncpy(buffer,argv[i],sizeof(buffer)-1); result = Option(tree); if (result == 0) printf("ERROR \"%s\" is unknown command-line option\n", buffer); @@ -3967,7 +3970,10 @@ for (i = 1; i < argc; i++) if (strcmp(argv[i], "c")) if (!strstr(argv[i], "path")) { - strcpy(buffer, argv[i]); + //This is a security flaw (see http://bugs.debian.org/203541 + //strcpy(buffer, argv[i]); + memset(buffer,'\0',sizeof(buffer)); + strncpy(buffer,argv[i],sizeof(buffer)-1); result = Option(tree); if (result == 0) printf("ERROR \"%s\" is unknown command-line option\n", buffer); @@ -3996,11 +4002,16 @@ */ #if defined(UNIX) input_stream = fopen(".craftyrc", "r"); - if (!input_stream) + if (!input_stream) { if ((pwd = getpwuid(getuid()))) { sprintf(path, "%s/.craftyrc", pwd->pw_dir); input_stream = fopen(path, "r"); } + if (!input_stream) { + sprintf (path, "%s/crafty.rc", rc_path); + input_stream = fopen (path, "r"); + } + } if (input_stream) #else sprintf(crafty_rc_file_spec, "%s/crafty.rc", rc_path);
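Review bot: in the first hunk (the loop handling "path" and "log" arguments), strncpy(buffer,argv[i],sizeof(buffer)-1) silently truncates an over-long argv[i] and the shortened text is then handed to Option(tree), so a long argument is parsed as something other than what was typed. Compare strlen(argv[i]) against sizeof(buffer) first and report an error instead of continuing with a cut-off option. The bound also only holds if buffer is an array at this point, since sizeof on a pointer gives the pointer size; the declaration is not visible in the hunk, so this should be confirmed. The added comment has an unclosed parenthesis and keeps the old strcpy as a commented-out line; drop the dead line and leave the bug reference in the patch description.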
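Review bot: the second hunk (the loop that skips "c" and "path" arguments) repeats the memset/strncpy pair from the first hunk verbatim; move it into one small helper that both loops call, so the bound and any over-length handling live in one place. The memset over the whole buffer before each copy is also more than is needed: strncpy already zero-pads up to the length it is given, so setting buffer[sizeof(buffer)-1] = '\0' after the copy is enough.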
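Review bot: the new fallback in the third hunk, sprintf (path, "%s/crafty.rc", rc_path);, writes into path with no length limit, as does the existing sprintf(path, "%s/.craftyrc", pwd->pw_dir); just above it, which sits oddly in a patch whose purpose is to fix an unbounded copy. Use snprintf with the size of path for both and skip the fopen when the result was truncated; the declaration of path and the origin of rc_path are not visible in this hunk, so the bound should be checked against them. As a style point, the added lines write sprintf ( and fopen ( with a space before the parenthesis, unlike the surrounding code.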