- Fix a security bug

Obtained from: Freeciv SVN (-r 12105:12106) Security: http://www.vuxml.org/freebsd/2d9ad236-4d26-11db-b48d-00508d6a62df.html
svn path=/head/; revision=173865
2006-09-26 07:40:33 +00:00 · 2006-09-26 07:40:33 +00:00 · 669f3e5b1a · 2021-03-31 03:12:20 +00:00
commit 669f3e5b1a
parent c5d3e2419e
3 changed files with 23 additions and 1 deletions
--- a/games/freeciv/Makefile
+++ b/games/freeciv/Makefile
@ -7,7 +7,7 @@

 PORTNAME=	freeciv
 PORTVERSION=	2.0.8
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	games
 MASTER_SITES=	ftp://ftp.freeciv.org/pub/freeciv/stable/ SF

--- a/games/freeciv/files/patch-common__packets.c
+++ b/games/freeciv/files/patch-common__packets.c
@ -0,0 +1,10 @@
+--- ./common/packets.c.orig	Mon Mar  6 06:35:23 2006
+++ ./common/packets.c	Tue Sep 26 11:21:55 2006
+@@ -577,6 +577,7 @@
+ 	  chunk->total_length, chunk->chunk_length);
+ 
+   if (chunk->total_length < 0
+      || chunk->chunk_length < 0
+       || chunk->total_length >= MAX_ATTRIBUTE_BLOCK
+       || chunk->offset < 0
+       || chunk->offset + chunk->chunk_length > chunk->total_length
--- a/games/freeciv/files/patch-server__unithand.c
+++ b/games/freeciv/files/patch-server__unithand.c
@ -0,0 +1,12 @@
+--- ./server/unithand.c.orig	Tue Dec 27 00:37:53 2005
+++ ./server/unithand.c	Tue Sep 26 11:21:55 2006
+@@ -1593,7 +1593,8 @@
+   struct unit *punit = player_find_unit_by_id(pplayer, packet->unit_id);
+   int i;
+ 
+-  if (!punit || packet->length < 0 || punit->activity != ACTIVITY_IDLE) {
+  if (!punit || packet->length < 0 || punit->activity != ACTIVITY_IDLE
+      || packet->length > MAX_LEN_ROUTE) {
+     return;
+   }
+