diff options
author | Mike Frysinger <vapier@gentoo.org> | 2006-02-12 22:02:53 +0000 |
---|---|---|
committer | Mike Frysinger <vapier@gentoo.org> | 2006-02-12 22:02:53 +0000 |
commit | 9a6f5a0ec7b6baea00646a7a3ad602fb5fc40753 (patch) | |
tree | 63754dd4ae8c03ddfbc369667184988ceeffc958 /games-action/bomberclone/files/bomberclone-0.11.6.2-fix-kaboom.patch | |
parent | 2.2.1 version bump. Install scripts under aoi's lib directory. Fixes bug 1226... (diff) | |
download | historical-9a6f5a0ec7b6baea00646a7a3ad602fb5fc40753.tar.gz historical-9a6f5a0ec7b6baea00646a7a3ad602fb5fc40753.tar.bz2 historical-9a6f5a0ec7b6baea00646a7a3ad602fb5fc40753.zip |
Patch by Tim Yamin to fix security issues #121605.
Package-Manager: portage-2.1_pre4-r1
Diffstat (limited to 'games-action/bomberclone/files/bomberclone-0.11.6.2-fix-kaboom.patch')
-rw-r--r-- | games-action/bomberclone/files/bomberclone-0.11.6.2-fix-kaboom.patch | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/games-action/bomberclone/files/bomberclone-0.11.6.2-fix-kaboom.patch b/games-action/bomberclone/files/bomberclone-0.11.6.2-fix-kaboom.patch new file mode 100644 index 000000000000..78ae160197ba --- /dev/null +++ b/games-action/bomberclone/files/bomberclone-0.11.6.2-fix-kaboom.patch @@ -0,0 +1,39 @@ +# Fix remote buffer overflow vulnerability if an excessive remote error is sent +# and processed due to the text buffer overflowing. + +# Discovery: Stefan Cornelius <dercorny@gentoo.org> of Gentoo Security +# Patch: Tim Yamin <plasmaroo@gentoo.org> of Gentoo Auditing + +http://bugs.gentoo.org/121605 + +--- bomberclone-0.11.6.2/src/menu.c ++++ bomberclone-0.11.6.2/src/menu.c +@@ -629,7 +629,7 @@ + memset (text, 0, sizeof (text)); + memset (out, 0, sizeof (out)); + va_start (args, fmt); +- vsprintf (text, fmt, args); ++ vsnprintf (text, 512, fmt, args); + va_end (args); + + menu_formattext (text, out, lines, &linenr, &maxlinelen, MENU_MESSAGES_MAXLINELEN, +@@ -722,7 +724,7 @@ + memset (text, 0, sizeof (text)); + memset (out, 0, sizeof (out)); + va_start (args, fmt); +- vsprintf (text, fmt, args); ++ vsnprintf (text, 512, fmt, args); + va_end (args); + + menu_formattext (text, out, lines, &linenr, &maxlinelen, MENU_MESSAGES_MAXLINELEN, +--- bomberclone-0.11.6.2/src/menulabels.c ++++ bomberclone-0.11.6.2/src/menulabels.c +@@ -72,7 +72,7 @@ + memset (text, 0, sizeof (text)); + memset (out, 0, sizeof (out)); + va_start (args, fmt); +- vsprintf (text, fmt, args); ++ vsnprintf (text, 1024, fmt, args); + va_end (args); + + menu_formattext (text, out, lineptr, &linecnt, &maxchar, maxlen, maxlines); |