Gentoo's Bugzilla – Attachment 139487 Details for Bug 125902: <games-roguelike/nethack-3.4.3-r2: local privilege escalation and insecure savegame creation (CVE-2006-1390)
[patch] Add bounds checking to fscanf() format strings
nethack-3.4.3-topten-scanf-fix.patch (text/plain), 1.36 KB, created by Andrew Church on 2007-12-28 08:34:31 UTC
>--- ../nethack-3.4.3-orig/src/topten.c 2003-12-08 08:39:13 +0900 >+++ src/topten.c 2007-12-28 17:29:15 +0900 >@@ -30,6 +30,7 @@ > > #define newttentry() (struct toptenentry *) alloc(sizeof(struct toptenentry)) > #define dealloc_ttentry(ttent) free((genericptr_t) (ttent)) >+/* IMPORTANT: if you change any of these, update the scanf() strings below */ > #define NAMSZ 10 > #define DTHSZ 100 > #define ROLESZ 3 >@@ -129,12 +130,16 @@ > { > #ifdef NO_SCAN_BRACK /* Version_ Pts DgnLevs_ Hp___ Died__Born id */ > static const char fmt[] = "%d %d %d %ld %d %d %d %d %d %d %ld %ld %d%*c"; >- static const char fmt32[] = "%c%c %s %s%*c"; >- static const char fmt33[] = "%s %s %s %s %s %s%*c"; >+ /* NOTE: "3" in "%3s" here MUST be equal to ROLESZ */ >+ static const char fmt32[] = "%c%c %3s %3s%*c"; >+ /* NOTE: in order, ROLESZ ROLESZ ROLESZ ROLESZ NAMSZ DTHSZ */ >+ static const char fmt33[] = "%3s %3s %3s %3s %10s %100s%*c"; > #else > static const char fmt[] = "%d.%d.%d %ld %d %d %d %d %d %d %ld %ld %d "; >- static const char fmt32[] = "%c%c %[^,],%[^\n]%*c"; >- static const char fmt33[] = "%s %s %s %s %[^,],%[^\n]%*c"; >+ /* NOTE: "3" in "%3[...]" here MUST be equal to ROLESZ */ >+ static const char fmt32[] = "%c%c %3[^,],%3[^\n]%*c"; >+ /* NOTE: in order, ROLESZ ROLESZ ROLESZ ROLESZ NAMSZ DTHSZ */ >+ static const char fmt33[] = "%3s %3s %3s %3s %10[^,],%100[^\n]%*c"; > #endif > > #ifdef UPDATE_RECORD_IN_PLACE
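Review bot: The comment added above `#define NAMSZ 10` in the first hunk makes the buffer sizes and the scanf() widths a manual pairing that nothing enforces. If NAMSZ, DTHSZ or ROLESZ is later changed without touching the format strings, the unbounded-read problem comes back silently. Consider deriving the widths from the macros with preprocessor stringification (a two-level `#define STR(x) #x` / `#define XSTR(x) STR(x)` helper, then `"%" XSTR(ROLESZ) "s"`), which works here because the three values are plain decimal literals, so the format strings cannot drift from the definitions.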
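Review bot: In the second hunk the field widths in fmt32 and fmt33 are set exactly equal to ROLESZ, NAMSZ and DTHSZ, but `%3s`, `%10[^,]` and `%100[^\n]` each store up to that many characters plus a terminating NUL, so the change is only safe if every destination array holds at least SIZE+1 bytes. Those declarations are not visible in this diff and should be confirmed, and the NOTE comments should say that the width is the size without the terminator. Also, once widths are in place an over-long field stops early, the following literal (for example the `,` after `%10[^,]`) then fails to match, and fscanf() returns a short conversion count, so the callers should check the return value and reject the record rather than use a partially filled entry.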