Date: Tue, 23 Apr 2002 14:52:10 -0700 (PDT) From: Niels Heinen <niels.heinen@ubizen.com> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/37400: The cosmo game contains unchecked buffers Message-ID: <200204232152.g3NLqAD92256@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 37400 >Category: ports >Synopsis: The cosmo game contains unchecked buffers >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Apr 23 15:00:03 PDT 2002 >Closed-Date: >Last-Modified: >Originator: Niels Heinen >Release: 4.5 >Organization: >Environment: FreeBSD lappie 4.5-STABLE FreeBSD 4.5-STABLE #0: Thu Apr 18 02:05:19 CEST 2002 root@lappie:/usr/obj/usr/src/sys/GENERIC i386 >Description: The cosmo game, which is installed setgid games can be cause to segfault trought the -display and -bg parameters. Additionally, during some test it tried to free() memory that was already given back to the system. >How-To-Repeat: cosmo -display <A x 10000> cosmo -bg <A x 10000> >Fix: --- cosmo2/setup.c Sat May 11 08:48:32 1996 +++ cosmo2-new/setup.c Tue Apr 23 23:37:10 2002 @@ -106,7 +106,8 @@ { i++; if(i>=ac) break; - strcpy(display,av[i]); + strncpy(display,av[i],sizeof(display)); + display[sizeof(display) - 1] = '\0'; } else if(!strcmp(av[i],"-cmap")) { @@ -120,7 +121,8 @@ { i++; if(i>=ac) show_usage(); - strcpy(bgfn,av[i]); + strncpy(bgfn,av[i],sizeof(bgfn)); + bgfn[sizeof(bgfn) - 1] = '\0'; } else if(!strcmp(av[i],"-rough")) { @@ -139,7 +141,7 @@ { i++; if(i>=ac) show_usage(); - if(strcmp(av[i],"no")) strcpy(pad_dev,av[i]); + if(strcmp(av[i],"no")) strncpy(pad_dev,av[i],sizeof(pad_dev)); pad_dev[sizeof(pad_dev) - 1] = '\0'; else upad=0; } #endif @@ -154,10 +156,14 @@ user.uid=getuid(); p=getpwuid(user.uid); - strcpy(user.name,p->pw_name); - strcpy(home_dir,p->pw_dir); + strncpy(user.name,p->pw_name,sizeof(user.name)); + user.name[sizeof(user.name) - 1] = '\0'; + + strncpy(home_dir,p->pw_dir,sizeof(home_dir)); + home_dir[sizeof(home_dir) -1] = '\0'; if( home_dir[strlen(home_dir)-1] != '/' ) strcat(home_dir,"/"); - strcpy(rc_file,home_dir); + strncpy(rc_file,home_dir,sizeof(rc_file)); + rc_file[sizeof(rc_file) - 1 ] = '\0'; strcat(rc_file,".cosmorc"); } @@ -195,14 +201,16 @@ show_error("Too Few Arguments",buf,line,2); return; } - strcpy(colorname,p); + strncpy(colorname,p,sizeof(colorname)); + colorname[sizeof(colorname) - 1] = '\0'; if( (p=getnword(buf,2))==NULL ) { show_error("Too Few Arguments",buf,line,3); return; } - strcpy(color,p); + strncpy(color,p,sizeof(color)); + color[sizeof(color)] = '\0'; if( !strcmp(colorname,"Background") ) strcpy(colors[Back],color); else if( !strcmp(colorname,"Foreground") ) strcpy(colors[Fore],color); @@ -298,7 +306,8 @@ i=1; while(p[i]!='/'&&p[i]!='\0') name[i-1]=p[i++]; name[i-1]='\0'; - if(i==1) strcpy(name,user.name); + if(i==1) strncpy(name,user.name,sizeof(name)); + name[sizeof(name) -1] = '\0'; do { >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200204232152.g3NLqAD92256>