Commit | Line | Data |
---|---|---|
088e1ff9 | 1 | # Fix remote buffer overflow vulnerability if an excessive remote error is sent |
2 | # and processed due to the text buffer overflowing. | |
3 | ||
4 | # Discovery: Stefan Cornelius <dercorny@gentoo.org> of Gentoo Security | |
5 | # Patch: Tim Yamin <plasmaroo@gentoo.org> of Gentoo Auditing | |
6 | ||
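--- a/src/menu.c
+++ b/src/menu.c
@@ -629,7 +629,7 @@
 memset (text, 0, sizeof (text));
 memset (out, 0, sizeof (out));
 va_start (args, fmt);
-vsprintf (text, fmt, args);
+vsnprintf (text, 512, fmt, args);
 va_end (args);
 
 menu_formattext (text, out, lines, &linenr, &maxlinelen, MENU_MESSAGES_MAXLINELEN,
@@ -722,7 +724,7 @@
 memset (text, 0, sizeof (text));
 memset (out, 0, sizeof (out));
 va_start (args, fmt);
-vsprintf (text, fmt, args);
+vsnprintf (text, 512, fmt, args);
 va_end (args);
 
 menu_formattext (text, out, lines, &linenr, &maxlinelen, MENU_MESSAGES_MAXLINELEN,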
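Review bot: The bound passed to `vsnprintf` is the literal `512` in both hunks of menu.c (and `1024` in menulabels.c), even though the two `memset` lines directly above already use `sizeof (text)`. The declaration of `text` is outside the hunks, so the literal cannot be checked against the real buffer size from here. If `text` is an array, as those `memset` calls suggest, `vsnprintf (text, sizeof (text), fmt, args);` ties the limit to the declaration, so a later resize of the buffer cannot silently reintroduce the overflow. The enclosing functions begin and end outside the hunks.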
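--- a/src/menulabels.c
+++ b/src/menulabels.c
@@ -72,7 +72,7 @@
 memset (text, 0, sizeof (text));
 memset (out, 0, sizeof (out));
 va_start (args, fmt);
-vsprintf (text, fmt, args);
+vsnprintf (text, 1024, fmt, args);
 va_end (args);
 
 menu_formattext (text, out, lineptr, &linecnt, &maxchar, maxlen, maxlines);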
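Review bot: `fmt` is still used as the format string in `vsnprintf (text, 1024, fmt, args);`, so the new length limit only bounds the output and does not constrain how `fmt` itself is interpreted. The callers are not visible in this patch, so it should be confirmed that remote error text is never passed as `fmt` but always as an argument to a literal format such as `"%s"`; the same check applies to both call sites in menu.c. Separately, the return value of `vsnprintf` is discarded, so a truncated message goes on to `menu_formattext` with no indication. Comparing the result against the buffer size and logging the truncation would make oversized remote errors visible. The enclosing function begins and ends outside the hunk, and the size of `out` cannot be verified from here.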