[packages/bomberclone.git] / bomberclone-fix-kaboom.patch

# Fix remote buffer overflow vulnerability if an excessive remote error is sent
# and processed due to the text buffer overflowing.

# Discovery: Stefan Cornelius <dercorny@gentoo.org> of Gentoo Security
# Patch: Tim Yamin <plasmaroo@gentoo.org> of Gentoo Auditing

diff -ur bomberclone-0.11.6.2/src/menu.c bomberclone-0.11.6.2.plasmaroo/src/menu.c
--- bomberclone-0.11.6.2/src/menu.c	2005-03-27 02:31:50.000000000 +0100
+++ bomberclone-0.11.6.2.plasmaroo/src/menu.c	2006-02-04 23:51:04.000000000 +0000
@@ -629,7 +629,7 @@
     memset (text, 0, sizeof (text));
     memset (out, 0, sizeof (out));
     va_start (args, fmt);
-    vsprintf (text, fmt, args);
+    vsnprintf (text, 512, fmt, args);
     va_end (args);
 
     menu_formattext (text, out, lines, &linenr, &maxlinelen, MENU_MESSAGES_MAXLINELEN,
@@ -722,7 +724,7 @@
     memset (text, 0, sizeof (text));
     memset (out, 0, sizeof (out));
     va_start (args, fmt);
-    vsprintf (text, fmt, args);
+    vsnprintf (text, 512, fmt, args);
     va_end (args);
 
     menu_formattext (text, out, lines, &linenr, &maxlinelen, MENU_MESSAGES_MAXLINELEN,
diff -ur bomberclone-0.11.6.2/src/menulabels.c bomberclone-0.11.6.2.plasmaroo/src/menulabels.c
--- bomberclone-0.11.6.2/src/menulabels.c	2004-09-12 17:49:48.000000000 +0100
+++ bomberclone-0.11.6.2.plasmaroo/src/menulabels.c	2006-02-04 23:47:24.000000000 +0000
@@ -72,7 +72,7 @@
 	memset (text, 0, sizeof (text));
 	memset (out, 0, sizeof (out));
 	va_start (args, fmt);
-	vsprintf (text, fmt, args);
+	vsnprintf (text, 1024, fmt, args);
 	va_end (args);
 
 	menu_formattext (text, out, lineptr, &linecnt, &maxchar, maxlen, maxlines);
Commit	Line	Data
088e1ff9	1	# Fix remote buffer overflow vulnerability if an excessive remote error is sent
	2	# and processed due to the text buffer overflowing.
	3
	4	# Discovery: Stefan Cornelius <dercorny@gentoo.org> of Gentoo Security
	5	# Patch: Tim Yamin <plasmaroo@gentoo.org> of Gentoo Auditing
	6
	7	diff -ur bomberclone-0.11.6.2/src/menu.c bomberclone-0.11.6.2.plasmaroo/src/menu.c
	8	--- bomberclone-0.11.6.2/src/menu.c 2005-03-27 02:31:50.000000000 +0100
	9	+++ bomberclone-0.11.6.2.plasmaroo/src/menu.c 2006-02-04 23:51:04.000000000 +0000
	10	@@ -629,7 +629,7 @@
	11	memset (text, 0, sizeof (text));
	12	memset (out, 0, sizeof (out));
	13	va_start (args, fmt);
	14	- vsprintf (text, fmt, args);
	15	+ vsnprintf (text, 512, fmt, args);
	16	va_end (args);
	17
	18	menu_formattext (text, out, lines, &linenr, &maxlinelen, MENU_MESSAGES_MAXLINELEN,
	19	@@ -722,7 +724,7 @@
	20	memset (text, 0, sizeof (text));
	21	memset (out, 0, sizeof (out));
	22	va_start (args, fmt);
	23	- vsprintf (text, fmt, args);
	24	+ vsnprintf (text, 512, fmt, args);
	25	va_end (args);
	26
	27	menu_formattext (text, out, lines, &linenr, &maxlinelen, MENU_MESSAGES_MAXLINELEN,
	28	diff -ur bomberclone-0.11.6.2/src/menulabels.c bomberclone-0.11.6.2.plasmaroo/src/menulabels.c
	29	--- bomberclone-0.11.6.2/src/menulabels.c 2004-09-12 17:49:48.000000000 +0100
	30	+++ bomberclone-0.11.6.2.plasmaroo/src/menulabels.c 2006-02-04 23:47:24.000000000 +0000
	31	@@ -72,7 +72,7 @@
	32	memset (text, 0, sizeof (text));
	33	memset (out, 0, sizeof (out));
	34	va_start (args, fmt);
	35	- vsprintf (text, fmt, args);
	36	+ vsnprintf (text, 1024, fmt, args);
	37	va_end (args);
	38
	39	menu_formattext (text, out, lineptr, &linecnt, &maxchar, maxlen, maxlines);