SECURITY: (GID games)

Prevent buffer overflow from environment variable; from Debian.
naddy 2004-03-02 22:18:53 +00:00
parent e5f65fcb14
commit ec03d9af91
8 changed files with 132 additions and 7 deletions


@ -1,9 +1,9 @@
# $OpenBSD: Makefile,v 1.5 2003/12/18 03:56:19 naddy Exp $
# $OpenBSD: Makefile,v 1.6 2004/03/02 22:18:53 naddy Exp $
COMMENT= "breakout game with many levels, powerups, good graphics"
VERSION= 2.2.2
DISTNAME= lbreakout2-${VERSION}
DISTNAME= lbreakout2-2.2.2
PKGNAME= ${DISTNAME}p0
CATEGORIES= games x11
HOMEPAGE= http://lgames.sourceforge.net/index.php?action=show_project&project=LBreakout2
@ -28,8 +28,4 @@ CONFIGURE_ENV= CPPFLAGS="-I${LOCALBASE}/include/libpng" \
USE_X11= Yes
USE_GMAKE= Yes
# avoid triggering aclocal/automake
post-patch:
@touch -r ${WRKSRC}/aclocal.m4 ${WRKSRC}/configure.in
.include <bsd.port.mk>


@ -0,0 +1,12 @@
$OpenBSD: patch-src_config_c,v 1.1 2004/03/02 22:18:53 naddy Exp $
--- src/config.c.orig 2002-02-22 12:58:37.000000000 +0100
+++ src/config.c 2004-03-02 21:55:07.000000000 +0100
@@ -40,7 +40,7 @@ Config config;
void config_check_dir()
{
char level_dir[512];
- sprintf( config.dir_name, "%s/%s", (getenv( "HOME" )?getenv( "HOME" ):"."), CONFIG_DIR_NAME );
+ snprintf( config.dir_name, sizeof(config.dir_name), "%s/%s", (getenv( "HOME" )?getenv( "HOME" ):"."), CONFIG_DIR_NAME );
/* test and create .lgames */
if ( opendir( config.dir_name ) == 0 ) {
fprintf( stderr, "couldn't find/open config directory '%s'\n", config.dir_name );
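Review bot: The return value of the new `snprintf` is ignored, so an over-long HOME now produces a silently truncated `config.dir_name`, and the `opendir` test that follows treats it as the intended directory. Checking the result, e.g. `n = snprintf( ... ); if ( n < 0 || (size_t)n >= sizeof(config.dir_name) )` followed by an error exit, would turn truncation into a clean failure instead of operating on the wrong path. The same applies to every other hunk in this commit, and matters most in src/editor.c, where the result goes to `fopen( ..., "a" )`, and in src/manager.c, where it goes to `remove()`. `sizeof(config.dir_name)` is also only the buffer size if `dir_name` is declared as an array in `Config`, which is not visible here; the body of config_check_dir continues outside the hunk.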


@ -0,0 +1,12 @@
$OpenBSD: patch-src_editor_c,v 1.1 2004/03/02 22:18:53 naddy Exp $
--- src/editor.c.orig 2002-02-22 12:59:28.000000000 +0100
+++ src/editor.c 2004-03-02 21:55:07.000000000 +0100
@@ -725,7 +725,7 @@ int editor_init( char *file_name )
{
FILE *file = 0;
/* set full file name */
- sprintf( edit_file_name, "%s/%s/lbreakout2-levels/%s", (getenv( "HOME" )?getenv( "HOME" ):"."), CONFIG_DIR_NAME, file_name );
+ snprintf( edit_file_name, sizeof(edit_file_name), "%s/%s/lbreakout2-levels/%s", (getenv( "HOME" )?getenv( "HOME" ):"."), CONFIG_DIR_NAME, file_name );
/* test this file for write access. use append to keep contents */
if ( ( file = fopen( edit_file_name, "a" ) ) == 0 ) {
fprintf( stderr, "Permission to write to file '%s' denied.\n", edit_file_name );


@ -0,0 +1,12 @@
$OpenBSD: patch-src_game_c,v 1.1 2004/03/02 22:18:53 naddy Exp $
--- src/game.c.orig 2002-02-22 13:00:24.000000000 +0100
+++ src/game.c 2004-03-02 21:55:07.000000000 +0100
@@ -561,7 +561,7 @@ int game_init()
/* load level */
setname = levelset_names[config.levelset_id];
if ( levelset_names[config.levelset_id][0] == '~' ) {
- sprintf( path, "%s/%s/lbreakout2-levels", (getenv( "HOME" )?getenv( "HOME" ):"."), CONFIG_DIR_NAME );
+ snprintf( path, sizeof(path), "%s/%s/lbreakout2-levels", (getenv( "HOME" )?getenv( "HOME" ):"."), CONFIG_DIR_NAME );
setname++;
}
else


@ -0,0 +1,12 @@
$OpenBSD: patch-src_levels_c,v 1.1 2004/03/02 22:18:53 naddy Exp $
--- src/levels.c.orig 2002-02-22 13:00:43.000000000 +0100
+++ src/levels.c 2004-03-02 21:55:07.000000000 +0100
@@ -220,7 +220,7 @@ void levelsets_load_names()
/* create dynamic list */
names = list_create( LIST_NO_AUTO_DELETE, NO_CALLBACK );
/* parse home directory */
- sprintf( level_dir, "%s/%s/lbreakout2-levels", (getenv( "HOME" )?getenv( "HOME" ):"."), CONFIG_DIR_NAME );
+ snprintf( level_dir, sizeof(level_dir), "%s/%s/lbreakout2-levels", (getenv( "HOME" )?getenv( "HOME" ):"."), CONFIG_DIR_NAME );
text = get_file_list( level_dir, 0, level_dir );
for ( i = 0; i < text->count; i++ ) {
/* filter stuff */


@ -0,0 +1,12 @@
$OpenBSD: patch-src_main_c,v 1.1 2004/03/02 22:18:53 naddy Exp $
--- src/main.c.orig 2002-02-22 13:02:01.000000000 +0100
+++ src/main.c 2004-03-02 21:55:07.000000000 +0100
@@ -106,7 +106,7 @@ int main(int argc, char *argv[])
/* new set? */
if ( strequal( "<CREATE SET>", levelset_home_names[config.levelset_home_id] ) ) {
editor_file = calloc( 16, sizeof( char ) );
- sprintf( path, "%s/%s/lbreakout2-levels", getenv( "HOME" ), CONFIG_DIR_NAME );
+ snprintf( path, sizeof(path), "%s/%s/lbreakout2-levels", getenv( "HOME" ), CONFIG_DIR_NAME );
if ( !enter_string( font, "Set Name:", editor_file, 12 ) || !file_check( path, editor_file, "w" ) ) {
free( editor_file );
break;
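Review bot: `getenv( "HOME" )` is passed straight to `%s` on the new `snprintf` line, without the `(getenv( "HOME" )?getenv( "HOME" ):".")` fallback that the config.c, editor.c, game.c and levels.c hunks use, so an unset HOME hands a null pointer to `snprintf`, which is undefined behaviour. Using the same fallback expression here would make the line consistent with those hunks. The src/manager.c hunk and all six src/theme.c hunks have the same gap. The enclosing block in main() starts and ends outside the hunk.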


@ -0,0 +1,12 @@
$OpenBSD: patch-src_manager_c,v 1.1 2004/03/02 22:18:53 naddy Exp $
--- src/manager.c.orig 2002-02-16 15:06:24.000000000 +0100
+++ src/manager.c 2004-03-02 21:55:07.000000000 +0100
@@ -126,7 +126,7 @@ void cb_delete_set()
return;
}
/* get file name + path */
- sprintf( fname, "%s/%s/lbreakout2-levels/%s", getenv( "HOME" ), CONFIG_DIR_NAME, levelset_home_names[config.levelset_home_id] );
+ snprintf( fname, sizeof(fname), "%s/%s/lbreakout2-levels/%s", getenv( "HOME" ), CONFIG_DIR_NAME, levelset_home_names[config.levelset_home_id] );
remove( fname );
levelsets_load_names(); /* reinit name lists and configs indices */
/* reassign these name lists as position in memory has changed */


@ -0,0 +1,57 @@
$OpenBSD: patch-src_theme_c,v 1.1 2004/03/02 22:18:53 naddy Exp $
--- src/theme.c.orig 2002-02-19 15:12:22.000000000 +0100
+++ src/theme.c 2004-03-02 21:55:07.000000000 +0100
@@ -115,7 +115,7 @@ SDL_Surface* theme_load_surf( char *name
{
SDL_Surface *surf = 0;
char path[512];
- sprintf( path, "%s/.lgames/lbreakout2-themes/%s/%s", getenv( "HOME" ), theme_name, name );
+ snprintf( path, sizeof(path), "%s/.lgames/lbreakout2-themes/%s/%s", getenv( "HOME" ), theme_name, name );
if ( strequal( theme_name, "Default" ) || ( surf = load_surf( path, SDL_SWSURFACE | SDL_NONFATAL ) ) == 0 )
surf = load_surf( name, SDL_SWSURFACE );
return surf;
@@ -125,7 +125,7 @@ Sound_Chunk* theme_load_sound( char *nam
{
Sound_Chunk *sound = 0;
char path[512];
- sprintf( path, "%s/.lgames/lbreakout2-themes/%s/%s", getenv( "HOME" ), theme_name, name );
+ snprintf( path, sizeof(path), "%s/.lgames/lbreakout2-themes/%s/%s", getenv( "HOME" ), theme_name, name );
if ( strequal( theme_name, "Default" ) || ( sound = sound_chunk_load( path ) ) == 0 )
sound = sound_chunk_load( name );
return sound;
@@ -135,7 +135,7 @@ Font* theme_load_font_fixed( char *name,
{
Font *font = 0;
char path[512];
- sprintf( path, "%s/.lgames/lbreakout2-themes/%s/%s", getenv( "HOME" ), theme_name, name );
+ snprintf( path, sizeof(path), "%s/.lgames/lbreakout2-themes/%s/%s", getenv( "HOME" ), theme_name, name );
if ( strequal( theme_name, "Default" ) || ( font = load_fixed_font( path, start, len, width, SDL_SWSURFACE | SDL_NONFATAL ) ) == 0 )
font = load_fixed_font( name, start, len, width, SDL_SWSURFACE );
return font;
@@ -201,7 +201,7 @@ void theme_load_bkgnds()
struct stat filestat;
char path[512];
char fname[512];
- sprintf( fname, "%s/.lgames/lbreakout2-themes/%s/back0.png", getenv( "HOME" ), theme_name );
+ snprintf( fname, sizeof(path), "%s/.lgames/lbreakout2-themes/%s/back0.png", getenv( "HOME" ), theme_name );
if ( strequal( theme_name, "Default" ) || stat( fname, &filestat ) == -1 ) {
/* use original backs */
bkgnd_count = BACK_COUNT;
@@ -209,7 +209,7 @@ void theme_load_bkgnds()
}
else {
/* use new backs */
- sprintf( path, "%s/.lgames/lbreakout2-themes/%s", getenv( "HOME" ), theme_name );
+ snprintf( path, sizeof(path), "%s/.lgames/lbreakout2-themes/%s", getenv( "HOME" ), theme_name );
bkgnd_count = -1;
do {
bkgnd_count++;
@@ -248,7 +248,7 @@ void theme_get_list()
/* auxilary list */
list = list_create( LIST_NO_AUTO_DELETE, NO_CALLBACK );
/* theme directory */
- sprintf( dir, "%s/.lgames/lbreakout2-themes", getenv( "HOME" ) );
+ snprintf( dir, sizeof(dir), "%s/.lgames/lbreakout2-themes", getenv( "HOME" ) );
if ( ( hdir = opendir( dir ) ) != 0 ) {
while ( ( entry = readdir( hdir ) ) ) {
if ( entry->d_name[0] == '.' )
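Review bot: In the first theme_load_bkgnds hunk the bound for `fname` is taken from a different buffer: `snprintf( fname, sizeof(path), ...`. Both are declared as `char [512]` just above, so nothing overflows today, but the bound stops protecting `fname` as soon as either size changes. The line should read `snprintf( fname, sizeof(fname), "%s/.lgames/lbreakout2-themes/%s/back0.png", getenv( "HOME" ), theme_name );`. In the theme_get_list hunk, `sizeof(dir)` is only correct if `dir` is an array, and its declaration lies outside the hunk.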