Home | Docs | Forums | Lists | Bugs | Planet | Store | GMN | Get Gentoo!
| Bug#: 209409 | Product: Gentoo Linux | Version: unspecified | Platform: All |
| OS/Version: Linux | Status: RESOLVED | Severity: normal | Priority: P2 |
| Resolution: FIXED | Assigned To: games@gentoo.org | Reported By: jouva@moufette.com | |
| Component: Games | |||
| URL: | |||
| Summary: games-server/monopd-0.9.3-r1 security patch is broke and off by one | |||
| Keywords: | |||
| Status Whiteboard: | |||
| Opened: 2008-02-09 03:43 0000 | |||
| Description: | Opened: 2008-02-09 03:43 0000 |
The security patch for the commands to the server is incorrect. The first change (from data.substr(2) to data.substr(2,16)) is fine since that's where the proper data is. The new player function receives the FULL command (.nNickname). HOWEVER in the processCommands() function, the period is stripped (it's called with data+1). Therefore when CHANGING your nickname and calling it with data.substr(2,16) .nNickname sets one's nickname to "ickname". Likewise, the picture icon command is ALSO broken. The patch should be modified. Reproducible: Always
yes, upstream changed the patch. Resync and re-emerge to get the fixed up patch.