[packages/ggz-server.git] / ggz-server-format-security.patch

--- ggz-server-0.0.14.1/ggzd/players.c.orig	2012-11-18 21:05:32.065729146 +0100
+++ ggz-server-0.0.14.1/ggzd/players.c	2012-11-18 21:06:03.019061387 +0100
@@ -971,7 +971,7 @@
 
 	for (i = first; i < last; i++) {
 		if (table->seat_types[i] == GGZ_SEAT_PLAYER) {
-			snprintf(entry.handle, sizeof(entry.handle), player->name);
+			snprintf(entry.handle, sizeof(entry.handle), "%s", player->name);
 			status = ggzdb_player_get(&entry);
 
 			do_send = 1;
@@ -982,7 +982,7 @@
 			if (status == GGZDB_NO_ERROR) {
 				realname = ggz_strdup(entry.name);
 
-				snprintf(extentry.handle, sizeof(extentry.handle), player->name);
+				snprintf(extentry.handle, sizeof(extentry.handle), "%s", player->name);
 				status = ggzdb_player_get_extended(&extentry);
 				if (status == GGZDB_NO_ERROR) {
 					photo = ggz_strdup(extentry.photo);
@@ -1552,7 +1552,7 @@
 	if (ggz_perms_is_set(rcvr->perms, perm) != set) {
 		ggzdbPlayerEntry entry;
 
-		snprintf(entry.handle, sizeof(entry.handle), rcvr->name);
+		snprintf(entry.handle, sizeof(entry.handle), "%s", rcvr->name);
 		if (ggzdb_player_get(&entry) != GGZDB_NO_ERROR) {
 			pthread_rwlock_unlock(&rcvr->lock);
 			if (net_send_admin_result(player->client->net,
--- ggz-server-0.0.14.1/ggzd/net.c.orig	2012-11-18 21:06:29.149060466 +0100
+++ ggz-server-0.0.14.1/ggzd/net.c	2012-11-18 21:06:47.019059835 +0100
@@ -370,7 +370,7 @@
 		
 	for (i = 0; i < num; i++) {
 		line = motd_get_line(i);
-		_net_send_line(net, line);
+		_net_send_line(net, "%s", line);
 		ggz_free(line);
 	}
 
--- ggz-server-0.0.14.1/ggzd/stats.c.orig	2012-11-18 21:07:04.102392566 +0100
+++ ggz-server-0.0.14.1/ggzd/stats.c	2012-11-18 21:07:32.142391577 +0100
@@ -265,7 +265,7 @@
 		}
 
 		snprintf(player.handle, sizeof(player.handle),
-			 report->names[i]);
+			 "%s", report->names[i]);
 
 		/* Find out player type */
 		if (report->types[i] == GGZ_SEAT_BOT) {
@@ -307,7 +307,7 @@
 
 		if (report->types[i] == GGZ_SEAT_PLAYER) {
 			snprintf(stats[i].player, sizeof(stats[i].player),
-				 report->names[i]);
+				 "%s", report->names[i]);
 		} else if (report->types[i] == GGZ_SEAT_BOT) {
 			if(!ggz_strcmp(report->names[i], "AI")) {
 				snprintf(stats[i].player, sizeof(stats[i].player),
--- ggz-server-0.0.14.1/ggzd/login.c~	2008-01-05 20:03:09.000000000 +0100
+++ ggz-server-0.0.14.1/ggzd/login.c	2012-11-18 21:07:53.722390816 +0100
@@ -74,7 +74,7 @@
 
 	new_pw[0] = '\0';
 	if(password)
-		snprintf(new_pw, sizeof(new_pw), password);
+		snprintf(new_pw, sizeof(new_pw), "%s", password);
 
 	dbg_msg(GGZ_DBG_CONNECTION, "Player %p attempting login as %d",
 	        player, type);
--- ggz-server-0.0.14.1/game_servers/ggzcards/games/bridge.c~	2008-01-05 20:02:58.000000000 +0100
+++ ggz-server-0.0.14.1/game_servers/ggzcards/games/bridge.c	2012-11-18 21:28:51.902346432 +0100
@@ -585,7 +585,7 @@
 	/* TODO: vulnerable, etc. */
 
 	set_global_message("", "%s", buf);
-	set_global_message("Hand Score", buf2);
+	set_global_message("Hand Score", "%s", buf2);
 	bridge_set_score_message();
 
 	BRIDGE.declarer = BRIDGE.dummy = -1;
--- ggz-server-0.0.14.1/game_servers/ggzcards/games/euchre.c~	2008-01-05 20:02:58.000000000 +0100
+++ ggz-server-0.0.14.1/game_servers/ggzcards/games/euchre.c	2012-11-18 21:29:14.285678973 +0100
@@ -443,8 +443,8 @@
 
 	snprintf(buf, sizeof(buf), msg, tricks, value);
 	/* This message is quickly overwritten by the up-card message.  Ugh. */
-	set_global_message("", buf);
-	set_global_message("Scoring History", buf);	/* FIXME: this should 
+	set_global_message("", "%s", buf);
+	set_global_message("Scoring History", "%s", buf);	/* FIXME: this should 
 							   be added to the
 							   history, not
 							   overwrite it. */
Commit	Line	Data
2c1719f1 JR	1	--- ggz-server-0.0.14.1/ggzd/players.c.orig 2012-11-18 21:05:32.065729146 +0100
	2	+++ ggz-server-0.0.14.1/ggzd/players.c 2012-11-18 21:06:03.019061387 +0100
	3	@@ -971,7 +971,7 @@
	4
	5	for (i = first; i < last; i++) {
	6	if (table->seat_types[i] == GGZ_SEAT_PLAYER) {
	7	- snprintf(entry.handle, sizeof(entry.handle), player->name);
	8	+ snprintf(entry.handle, sizeof(entry.handle), "%s", player->name);
	9	status = ggzdb_player_get(&entry);
	10
	11	do_send = 1;
	12	@@ -982,7 +982,7 @@
	13	if (status == GGZDB_NO_ERROR) {
	14	realname = ggz_strdup(entry.name);
	15
	16	- snprintf(extentry.handle, sizeof(extentry.handle), player->name);
	17	+ snprintf(extentry.handle, sizeof(extentry.handle), "%s", player->name);
	18	status = ggzdb_player_get_extended(&extentry);
	19	if (status == GGZDB_NO_ERROR) {
	20	photo = ggz_strdup(extentry.photo);
	21	@@ -1552,7 +1552,7 @@
	22	if (ggz_perms_is_set(rcvr->perms, perm) != set) {
	23	ggzdbPlayerEntry entry;
	24
	25	- snprintf(entry.handle, sizeof(entry.handle), rcvr->name);
	26	+ snprintf(entry.handle, sizeof(entry.handle), "%s", rcvr->name);
	27	if (ggzdb_player_get(&entry) != GGZDB_NO_ERROR) {
	28	pthread_rwlock_unlock(&rcvr->lock);
	29	if (net_send_admin_result(player->client->net,
	30	--- ggz-server-0.0.14.1/ggzd/net.c.orig 2012-11-18 21:06:29.149060466 +0100
	31	+++ ggz-server-0.0.14.1/ggzd/net.c 2012-11-18 21:06:47.019059835 +0100
	32	@@ -370,7 +370,7 @@
	33
	34	for (i = 0; i < num; i++) {
	35	line = motd_get_line(i);
	36	- _net_send_line(net, line);
	37	+ _net_send_line(net, "%s", line);
	38	ggz_free(line);
	39	}
	40
	41	--- ggz-server-0.0.14.1/ggzd/stats.c.orig 2012-11-18 21:07:04.102392566 +0100
	42	+++ ggz-server-0.0.14.1/ggzd/stats.c 2012-11-18 21:07:32.142391577 +0100
	43	@@ -265,7 +265,7 @@
	44	}
	45
	46	snprintf(player.handle, sizeof(player.handle),
	47	- report->names[i]);
	48	+ "%s", report->names[i]);
	49
	50	/* Find out player type */
	51	if (report->types[i] == GGZ_SEAT_BOT) {
	52	@@ -307,7 +307,7 @@
	53
	54	if (report->types[i] == GGZ_SEAT_PLAYER) {
	55	snprintf(stats[i].player, sizeof(stats[i].player),
	56	- report->names[i]);
	57	+ "%s", report->names[i]);
	58	} else if (report->types[i] == GGZ_SEAT_BOT) {
	59	if(!ggz_strcmp(report->names[i], "AI")) {
	60	snprintf(stats[i].player, sizeof(stats[i].player),
	61	--- ggz-server-0.0.14.1/ggzd/login.c~ 2008-01-05 20:03:09.000000000 +0100
	62	+++ ggz-server-0.0.14.1/ggzd/login.c 2012-11-18 21:07:53.722390816 +0100
	63	@@ -74,7 +74,7 @@
	64
65	new_pw[0] = '\0';
66	if(password)
67	- snprintf(new_pw, sizeof(new_pw), password);
68	+ snprintf(new_pw, sizeof(new_pw), "%s", password);
69
70	dbg_msg(GGZ_DBG_CONNECTION, "Player %p attempting login as %d",
71	player, type);
a7715b0a JR	72	--- ggz-server-0.0.14.1/game_servers/ggzcards/games/bridge.c~ 2008-01-05 20:02:58.000000000 +0100
	73	+++ ggz-server-0.0.14.1/game_servers/ggzcards/games/bridge.c 2012-11-18 21:28:51.902346432 +0100
	74	@@ -585,7 +585,7 @@
	75	/* TODO: vulnerable, etc. */
	76
	77	set_global_message("", "%s", buf);
	78	- set_global_message("Hand Score", buf2);
	79	+ set_global_message("Hand Score", "%s", buf2);
	80	bridge_set_score_message();
	81
	82	BRIDGE.declarer = BRIDGE.dummy = -1;
	83	--- ggz-server-0.0.14.1/game_servers/ggzcards/games/euchre.c~ 2008-01-05 20:02:58.000000000 +0100
	84	+++ ggz-server-0.0.14.1/game_servers/ggzcards/games/euchre.c 2012-11-18 21:29:14.285678973 +0100
	85	@@ -443,8 +443,8 @@
	86
	87	snprintf(buf, sizeof(buf), msg, tricks, value);
	88	/* This message is quickly overwritten by the up-card message. Ugh. */
	89	- set_global_message("", buf);
	90	- set_global_message("Scoring History", buf); /* FIXME: this should
	91	+ set_global_message("", "%s", buf);
	92	+ set_global_message("Scoring History", "%s", buf); /* FIXME: this should
	93	be added to the
	94	history, not
	95	overwrite it. */