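--- a/main.c
+++ b/main.c
@@ -4308,7 +4308,10 @@
 for (i = 1; i < argc; i++) {
 if (strstr(argv[i], "path") || strstr(argv[i], "log") ||
 strstr(argv[1], "affinity")) {
- strcpy(buffer, argv[i]);
+ //This is a security flaw (see http://bugs.debian.org/203541
+ //strcpy(buffer, argv[i]);
+ memset(buffer,'\0',sizeof(buffer));
+ strncpy(buffer,argv[i],sizeof(buffer)-1);
 result = Option(tree);
 if (result == 0)
 Print(2048, "ERROR \"%s\" is unknown command-line option\n",
@@ -4328,11 +4331,16 @@
 */
 #if defined(UNIX)
 input_stream = fopen(".craftyrc", "r");
- if (!input_stream)
+ if (!input_stream) {
 if ((pwd = getpwuid(getuid()))) {
 sprintf(path, "%s/.craftyrc", pwd->pw_dir);
 input_stream = fopen(path, "r");
 }
+ if (!input_stream) {
+ sprintf (path, "%s/crafty.rc", rc_path);
+ input_stream = fopen (path, "r");
+ }
+ }
 if (input_stream)
 #else
 sprintf(crafty_rc_file_spec, "%s/crafty.rc", rc_path);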
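Review bot: The fallback added in the second hunk, `sprintf (path, "%s/crafty.rc", rc_path);`, is an unbounded write into `path`, the same class of overflow the first hunk removes from the `strcpy(buffer, argv[i])` call. Neither the declaration of `path` nor the origin of `rc_path` is visible here, so if `rc_path` can be set from the command line or the environment its length needs to be bounded at this point. I would write `snprintf(path, sizeof(path), "%s/crafty.rc", rc_path);` and skip the `fopen` when the return value is negative or `>= sizeof(path)`, assuming `path` is an array and not a pointer. The context line `sprintf(path, "%s/.craftyrc", pwd->pw_dir);` has the same shape and deserves the same treatment. In the first hunk, `strncpy` truncates an over-long argument silently before `Option(tree)` runs, so rejecting arguments with `strlen(argv[i]) >= sizeof(buffer)` would be clearer than parsing a cut-off option.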