- new
authorblekot <blekot@pld-linux.org>
Mon, 7 May 2012 20:34:59 +0000 (20:34 +0000)
committercvs2git <feedback@pld-linux.org>
Sun, 24 Jun 2012 12:13:13 +0000 (12:13 +0000)
Changed files:
    crafty-security.patch -> 1.1

crafty-security.patch [new file with mode: 0644]

diff --git a/crafty-security.patch b/crafty-security.patch
new file mode 100644 (file)
index 0000000..2191307
--- /dev/null
@@ -0,0 +1,45 @@
+--- main.c.orig        2010-03-04 03:11:14.000000000 +0100
++++ main.c     2010-03-06 22:34:46.000000000 +0100
+@@ -3888,7 +3888,10 @@
+   if (argc > 1) {
+     for (i = 1; i < argc; i++) {
+       if (strstr(argv[i], "path") || strstr(argv[i], "log")) {
+-        strcpy(buffer, argv[i]);
++       //This is a security flaw (see http://bugs.debian.org/203541
++       //strcpy(buffer, argv[i]);
++       memset(buffer,'\0',sizeof(buffer));
++        strncpy(buffer,argv[i],sizeof(buffer)-1);
+         result = Option(tree);
+         if (result == 0)
+           printf("ERROR \"%s\" is unknown command-line option\n", buffer);
+@@ -3967,7 +3970,10 @@
+     for (i = 1; i < argc; i++)
+       if (strcmp(argv[i], "c"))
+         if (!strstr(argv[i], "path")) {
+-          strcpy(buffer, argv[i]);
++         //This is a security flaw (see http://bugs.debian.org/203541
++         //strcpy(buffer, argv[i]);
++         memset(buffer,'\0',sizeof(buffer));
++          strncpy(buffer,argv[i],sizeof(buffer)-1);
+           result = Option(tree);
+           if (result == 0)
+             printf("ERROR \"%s\" is unknown command-line option\n", buffer);
+@@ -3996,11 +4002,16 @@
+  */
+ #if defined(UNIX)
+   input_stream = fopen(".craftyrc", "r");
+-  if (!input_stream)
++  if (!input_stream) {
+     if ((pwd = getpwuid(getuid()))) {
+       sprintf(path, "%s/.craftyrc", pwd->pw_dir);
+       input_stream = fopen(path, "r");
+     }
++    if (!input_stream) {
++      sprintf (path, "%s/crafty.rc", rc_path);
++      input_stream = fopen (path, "r");
++    }
++  }
+   if (input_stream)
+ #else
+   sprintf(crafty_rc_file_spec, "%s/crafty.rc", rc_path);
+
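Review bot: The fallback added in the last main.c hunk of this patch builds `path` with an unbounded `sprintf (path, "%s/crafty.rc", rc_path);`, the same overflow class the first two hunks remove for `buffer`. The sizes of `path` and `rc_path` are declared outside the visible lines, so if `path` is an array I would write `snprintf(path, sizeof(path), "%s/crafty.rc", rc_path)` and skip the `fopen` when the result is negative or `>= sizeof(path)`; the context line that formats `pwd->pw_dir` has the same shape. In the two `strncpy` hunks an over-long argument is now truncated silently and still handed to `Option(tree)`; printing an error and skipping it would avoid acting on a cut-off option. The enclosing function starts and ends outside these hunks.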