[liquidwar/f16] Fix init script, buffer overflow.

Jon Ciesla limb at fedoraproject.org
Mon Apr 9 16:14:38 UTC 2012 

commit c528dd53d85ca950648bc04fdc74b26283accb4b
Author: Jon Ciesla <limburgher at gmail.com>
Date:   Mon Apr 9 11:14:26 2012 -0500

    Fix init script, buffer overflow.

 liquidwar-5.6.4-srv-overflow.patch |   13 +++++++++++++
 liquidwar.init                     |    2 +-
 liquidwar.spec                     |   10 +++++++++-
 3 files changed, 23 insertions(+), 2 deletions(-)
---
diff --git a/liquidwar-5.6.4-srv-overflow.patch b/liquidwar-5.6.4-srv-overflow.patch
new file mode 100644
index 0000000..cebe89f
--- /dev/null
+++ b/liquidwar-5.6.4-srv-overflow.patch
@@ -0,0 +1,13 @@
+--- src/wwwsrv.c~	2007-10-17 15:00:50.000000000 -0500
++++ src/wwwsrv.c	2012-04-09 09:49:48.641466938 -0500
+@@ -104,8 +104,8 @@
+   data->port = port;
+   data->busy_players = busy_players;
+   data->max_players = max_players;
+-  strncpy (data->password, password, URL_SIZE);
+-  strncpy (data->comment, comment, URL_SIZE);
++  strncpy (data->password, password, sizeof(data->password));
++  strncpy (data->comment, comment, sizeof(data->comment));
+ }
+ 
+ /*------------------------------------------------------------------*/
diff --git a/liquidwar.init b/liquidwar.init
index 91774b5..026309d 100644
--- a/liquidwar.init
+++ b/liquidwar.init
@@ -38,7 +38,7 @@ start() {
     fi
 
     # This doesn't properly detect startup failures
-    daemon --user liquidwar $exec $LIQUIDWAR_OPTIONS >>/var/log/${prog}.log 2>&1 &
+    daemon --user liquidwar "$exec $LIQUIDWAR_OPTIONS" >>/var/log/${prog}.log 2>&1 &
     retval=$?
     if [ $retval -eq 0 ]; then
         success
diff --git a/liquidwar.spec b/liquidwar.spec
index 2fb2b06..bd0c45a 100644
--- a/liquidwar.spec
+++ b/liquidwar.spec
@@ -1,6 +1,6 @@
 Name:           liquidwar
 Version:        5.6.4
-Release:        9%{?dist}
+Release:        9.1%{?dist}
 Summary:        Multiplayer wargame with liquid armies
 Group:          Amusements/Games
 License:        GPLv2+
@@ -9,6 +9,7 @@ Source0:        http://download.savannah.nongnu.org/releases/%{name}/%{name}-%{v
 Source1:        liquidwar.init 
 Source2:        liquidwar.sysconfig 
 Source3:        liquidwar.logrotate 
+Patch0:		liquidwar-5.6.4-srv-overflow.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires:  allegro-devel allegro-tools tetex-latex python texinfo
 BuildRequires:  desktop-file-utils
@@ -48,6 +49,9 @@ This package contains the server for hosting network LiquidWar games.
 
 %prep
 %setup -q
+
+%patch0 -p0 -b .overflow
+
 # don't strip the binaries please 
 sed -i 's/install\(\s\+-c\)\?\s\+-s/install/g' Makefile.in
 # fix manpage doc reference
@@ -182,6 +186,10 @@ fi
 
 
 %changelog
+* Mon Apr 09 2012 Jon Ciesla <limburgher at gmail.com - 5.6.4-9.1
+- Patch for server buffer overflow, BZ 810607.
+- Fix initscript.
+
 * Fri Jul 15 2011 Jon Ciesla <limb at jcomserv.net> - 5.6.4-9
 - Bump and rebuild for new Allegro.

More information about the scm-commits mailing list