1 # Fix remote buffer overflow vulnerability if an excessive remote error is sent
2 # and processed due to the text buffer overflowing.
4 # Discovery: Stefan Cornelius <dercorny@gentoo.org> of Gentoo Security
5 # Patch: Tim Yamin <plasmaroo@gentoo.org> of Gentoo Auditing
7 diff -ur bomberclone-0.11.6.2/src/menu.c bomberclone-0.11.6.2.plasmaroo/src/menu.c
8 --- bomberclone-0.11.6.2/src/menu.c 2005-03-27 02:31:50.000000000 +0100
9 +++ bomberclone-0.11.6.2.plasmaroo/src/menu.c 2006-02-04 23:51:04.000000000 +0000
11 memset (text, 0, sizeof (text));
12 memset (out, 0, sizeof (out));
14 - vsprintf (text, fmt, args);
15 + vsnprintf (text, 512, fmt, args);
18 menu_formattext (text, out, lines, &linenr, &maxlinelen, MENU_MESSAGES_MAXLINELEN,
20 memset (text, 0, sizeof (text));
21 memset (out, 0, sizeof (out));
23 - vsprintf (text, fmt, args);
24 + vsnprintf (text, 512, fmt, args);
27 menu_formattext (text, out, lines, &linenr, &maxlinelen, MENU_MESSAGES_MAXLINELEN,
28 diff -ur bomberclone-0.11.6.2/src/menulabels.c bomberclone-0.11.6.2.plasmaroo/src/menulabels.c
29 --- bomberclone-0.11.6.2/src/menulabels.c 2004-09-12 17:49:48.000000000 +0100
30 +++ bomberclone-0.11.6.2.plasmaroo/src/menulabels.c 2006-02-04 23:47:24.000000000 +0000
32 memset (text, 0, sizeof (text));
33 memset (out, 0, sizeof (out));
35 - vsprintf (text, fmt, args);
36 + vsnprintf (text, 1024, fmt, args);
39 menu_formattext (text, out, lineptr, &linecnt, &maxchar, maxlen, maxlines);