Commit ca70f1b77831604a3c91aac4dffc83c043984f66 - lbreakout2

Import Debian changes 2.5.2-2 lbreakout2 (2.5.2-2) unstable; urgency=high * Apply backported security fixes for bad usage of s*printf/scanf. Thanks to Moritz Muehlenhoff for spotting the problem in the upstream changelog and for sifting through the diff to find the relevant fixes. (Closes: #310468) Daniel Burrows authored 18 years ago Andreas Tille committed 5 years ago

9 changed file(s) with 29 addition(s) and 21 deletion(s). Raw diff Collapse all Expand all

-2

client/chart.c less more

137	137	if ( aux[0] != '>' ) break;
138	138	chart = calloc( 1, sizeof( Set_Chart ) );
139	139	/* get name: >>>name */
140		fscanf( file, ">>>%s\n", setname );
	140	fscanf( file, ">>>%1023s\n", setname );
141	141	chart->name = strdup( setname );
142	142	/* entries */
143	143	chart_read_entries( file, file_name, chart );

233	233	/* open file */
234	234	file = fopen( file_name, "w" );
235	235	if ( !file ) {
236		fprintf( stderr, "??? Highscore chart loaded properly but cannot save?\n" );
	236	fprintf( stderr, "??? Highscore chart loaded properly but cannot save? (%s)\n",file_name );
237	237	return;
238	238	}
239	239	/* save all charts */

-1

client/client_handlers.c less more

145	145
146	146	/* extract ip and port and build a new socket out of it */
147	147	gui_edit_get_text( edit_server, server, 128, 0, -1 );
148		snprintf( config.server, 64, server );
	148	snprintf( config.server, 64, "%s", server );
149	149	if ( !net_build_addr( &newaddr, server, 0 ) ) {
150	150	client_printf_chatter( 1, "ERROR: address %s does not resolve", config.server );
151	151	return;

-3

client/client_recv.c less more

156	156	/* users */
157	157	case MSG_ADD_USER:
158	158	num = msg_read_int32();
159		snprintf( name, 16, msg_read_string() ); name[15] = 0;
	159	snprintf( name, 16, "%s", msg_read_string() ); name[15] = 0;
160	160	if ( msg_read_failed() ) break;
161	161	client_add_user( num, name );
162	162	gui_list_update(

222	222	client_transmit( CODE_BLUE, msglen, msgbuf );
223	223	break;
224	224	}
225		snprintf( mp_peer_name, 15, msg_read_string() );
226		snprintf( mp_levelset, 16, msg_read_string() );
	225	snprintf( mp_peer_name, 15, "%s", msg_read_string() );
	226	snprintf( mp_levelset, 16, "%s", msg_read_string() );
227	227	mp_diff = msg_read_int8();
228	228	mp_rounds = msg_read_int8();
229	229	mp_frags = msg_read_int8();

-1

client/comm.c less more

236	236	break;
237	237	case MSG_ADD_USER:
238	238	i = msg_read_int32();
239		snprintf( name, 16, msg_read_string() ); name[15] = 0;
	239	snprintf( name, 16, "%s", msg_read_string() ); name[15] = 0;
240	240	if ( msg_read_failed() ) break;
241	241	client_add_user( i, name );
242	242	handled = 1;

-2

client/editor.c less more

638	638	strcpy( str, "" );
639	639	if ( edit_buttons[x][y] == BUTTON_EDIT_AUTHOR )
640	640	if ( enter_string( font, "Author's Name:", str, 24 ) ) {
641		snprintf( edit_cur_level->author, 31, str );
	641	snprintf( edit_cur_level->author, 31, "%s", str );
642	642	*full_update = 1;
643	643	}
644	644	if ( edit_buttons[x][y] == BUTTON_EDIT_NAME )
645	645	if ( enter_string( font, "Title:", str, 24 ) ) {
646		snprintf( edit_cur_level->name, 31, str );
	646	snprintf( edit_cur_level->name, 31, "%s", str );
647	647	*full_update = 1;
648	648	}
649	649	/* sel frame tile position */

-0

debian/changelog less more

	0	lbreakout2 (2.5.2-2) unstable; urgency=high
	1
	2	* Apply backported security fixes for bad usage of s*printf/scanf.
	3	Thanks to Moritz Muehlenhoff for spotting the problem in the upstream
	4	changelog and for sifting through the diff to find the relevant fixes. (Closes: #310468)
	5
	6	-- Daniel Burrows <dburrows@debian.org> Tue, 24 May 2005 18:52:21 -0700
	7
0	8	lbreakout2 (2.5.2-1) unstable; urgency=low
1	9
2	10	* New upstream release

-4

game/comm.c less more

493	493	{
494	494	char ptr = msg + pos;
495	495
496		snprintf( ptr, 16, level->name ); ptr[15] = 0; ptr += 16;
497		snprintf( ptr, 16, level->author); ptr[15] = 0; ptr += 16;
	496	snprintf( ptr, 16, "%s", level->name ); ptr[15] = 0; ptr += 16;
	497	snprintf( ptr, 16, "%s", level->author); ptr[15] = 0; ptr += 16;
498	498	memcpy( ptr, level->bricks, 252 ); ptr += 252;
499	499	memcpy( ptr, level->extras, 252 ); ptr += 252;
500	500

506	506	{
507	507	char ptr = msg + pos;
508	508
509		snprintf( level->name, 16, ptr ); ptr += 16;
510		snprintf( level->author, 16, ptr ); ptr += 16;
	509	snprintf( level->name, 16, "%s", ptr ); ptr += 16;
	510	snprintf( level->author, 16, "%s", ptr ); ptr += 16;
511	511	memcpy( level->bricks, ptr, 252 ); ptr += 252;
512	512	memcpy( level->extras, ptr, 252 ); ptr += 252;
513	513

-6

game/levels.c less more

73	73	if ( fname[0] != '/' ) /* keep global pathes */
74	74	snprintf( path, sizeof(path)-1, "%s/levels/%s", SRC_DIR, fname );
75	75	else
76		snprintf( path, sizeof(path)-1, fname );
	76	snprintf( path, sizeof(path)-1, "%s", fname );
77	77
78	78	if ( ( file = fopen( path, mode ) ) == 0 ) {
79	79	fprintf( stderr, "couldn't open %s\n", path );

191	191
192	192	if ( levels->count == 0 ) return 0;
193	193	set = salloc( 1, sizeof( LevelSet ) );
194		snprintf( set->name, 20, name );
	194	snprintf( set->name, 20, "%s", name );
195	195	set->levels = salloc( levels->count, sizeof( Level* ) );
196	196	set->count = levels->count;
197	197	set->version = version;

343	343	if ( !strequal( "Level:", buffer ) ) goto failure;
344	344	/* author */
345	345	if ( !next_line( file, buffer ) ) goto failure;
346		snprintf( level->author, 31, buffer );
	346	snprintf( level->author, 31, "%s", buffer );
347	347	/* level name */
348	348	if ( !next_line( file, buffer ) ) goto failure;
349		snprintf( level->name, 31, buffer );
	349	snprintf( level->name, 31, "%s", buffer );
350	350	/* bricks: */
351	351	if ( !next_line( file, buffer ) ) goto failure;
352	352	if ( !strequal( "Bricks:", buffer ) ) goto failure;

388	388	{
389	389	int i, j;
390	390	Level *level = calloc( 1, sizeof( Level ) );
391		snprintf( level->author, 31, author );
392		snprintf( level->name, 31, name );
	391	snprintf( level->author, 31, "%s", author );
	392	snprintf( level->name, 31, "%s", name );
393	393	/* empty arena */
394	394	for ( i = 0; i < EDIT_WIDTH; i++ )
395	395	for ( j = 0; j < EDIT_HEIGHT; j++ ) {

-2

gui/gui_edit.c less more

421	421	{
422	422	if ( widget->type != GUI_EDIT ) return;
423	423	/* copy text */
424		snprintf( widget->spec.edit.buffer, widget->spec.edit.size + 1, text );
	424	snprintf( widget->spec.edit.buffer, widget->spec.edit.size + 1, "%s", text );
425	425	widget->spec.edit.length = strlen( widget->spec.edit.buffer );
426	426	/* reset */
427	427	/* first character in first line */

455	455	if ( length > limit )
456	456	length = limit;
457	457	if ( length )
458		snprintf( buffer, limit, widget->spec.edit.buffer );
	458	snprintf( buffer, limit, "%s", widget->spec.edit.buffer );
459	459	else
460	460	buffer[0] = 0;
461	461	return 1;