projects / packages / crafty.git / blame
| Commit | Line | Data |
|---|---|---|
| f86d9ab9 JB |
1 | --- main.c.orig 2019-11-15 20:01:15.292710356 +0100 |
| 2 | +++ main.c 2019-11-15 20:08:22.987060003 +0100 | |
| 3 | @@ -4308,7 +4308,10 @@ | |
| 34030ae8 | 4 | for (i = 1; i < argc; i++) { |
| f86d9ab9 JB |
5 | if (strstr(argv[i], "path") || strstr(argv[i], "log") || |
| 6 | strstr(argv[1], "affinity")) { | |
| 34030ae8 | 7 | - strcpy(buffer, argv[i]); |
| f86d9ab9 JB |
8 | + //This is a security flaw (see http://bugs.debian.org/203541 |
| 9 | + //strcpy(buffer, argv[i]); | |
| 10 | + memset(buffer,'\0',sizeof(buffer)); | |
| 34030ae8 | 11 | + strncpy(buffer,argv[i],sizeof(buffer)-1); |
| 12 | result = Option(tree); | |
| 13 | if (result == 0) | |
| f86d9ab9 JB |
14 | Print(2048, "ERROR \"%s\" is unknown command-line option\n", |
| 15 | @@ -4328,11 +4331,16 @@ | |
| 34030ae8 | 16 | */ |
| 17 | #if defined(UNIX) | |
| 18 | input_stream = fopen(".craftyrc", "r"); | |
| 19 | - if (!input_stream) | |
| 20 | + if (!input_stream) { | |
| 21 | if ((pwd = getpwuid(getuid()))) { | |
| 22 | sprintf(path, "%s/.craftyrc", pwd->pw_dir); | |
| 23 | input_stream = fopen(path, "r"); | |
| 24 | } | |
| 25 | + if (!input_stream) { | |
| 26 | + sprintf (path, "%s/crafty.rc", rc_path); | |
| 27 | + input_stream = fopen (path, "r"); | |
| 28 | + } | |
| 29 | + } | |
| 30 | if (input_stream) | |
| 31 | #else | |
| 32 | sprintf(crafty_rc_file_spec, "%s/crafty.rc", rc_path); |