[liquidwar/f16] Fix init script, buffer overflow.
Jon Ciesla
limb at fedoraproject.org
Mon Apr 9 16:14:38 UTC 2012
commit c528dd53d85ca950648bc04fdc74b26283accb4b
Author: Jon Ciesla <limburgher at gmail.com>
Date: Mon Apr 9 11:14:26 2012 -0500
Fix init script, buffer overflow.
liquidwar-5.6.4-srv-overflow.patch | 13 +++++++++++++
liquidwar.init | 2 +-
liquidwar.spec | 10 +++++++++-
3 files changed, 23 insertions(+), 2 deletions(-)
---
diff --git a/liquidwar-5.6.4-srv-overflow.patch b/liquidwar-5.6.4-srv-overflow.patch
new file mode 100644
index 0000000..cebe89f
--- /dev/null
+++ b/liquidwar-5.6.4-srv-overflow.patch
@@ -0,0 +1,13 @@
+--- src/wwwsrv.c~ 2007-10-17 15:00:50.000000000 -0500
++++ src/wwwsrv.c 2012-04-09 09:49:48.641466938 -0500
+@@ -104,8 +104,8 @@
+ data->port = port;
+ data->busy_players = busy_players;
+ data->max_players = max_players;
+- strncpy (data->password, password, URL_SIZE);
+- strncpy (data->comment, comment, URL_SIZE);
++ strncpy (data->password, password, sizeof(data->password));
++ strncpy (data->comment, comment, sizeof(data->comment));
+ }
+
+ /*------------------------------------------------------------------*/
diff --git a/liquidwar.init b/liquidwar.init
index 91774b5..026309d 100644
--- a/liquidwar.init
+++ b/liquidwar.init
@@ -38,7 +38,7 @@ start() {
fi
# This doesn't properly detect startup failures
- daemon --user liquidwar $exec $LIQUIDWAR_OPTIONS >>/var/log/${prog}.log 2>&1 &
+ daemon --user liquidwar "$exec $LIQUIDWAR_OPTIONS" >>/var/log/${prog}.log 2>&1 &
retval=$?
if [ $retval -eq 0 ]; then
success
diff --git a/liquidwar.spec b/liquidwar.spec
index 2fb2b06..bd0c45a 100644
--- a/liquidwar.spec
+++ b/liquidwar.spec
@@ -1,6 +1,6 @@
Name: liquidwar
Version: 5.6.4
-Release: 9%{?dist}
+Release: 9.1%{?dist}
Summary: Multiplayer wargame with liquid armies
Group: Amusements/Games
License: GPLv2+
@@ -9,6 +9,7 @@ Source0: http://download.savannah.nongnu.org/releases/%{name}/%{name}-%{v
Source1: liquidwar.init
Source2: liquidwar.sysconfig
Source3: liquidwar.logrotate
+Patch0: liquidwar-5.6.4-srv-overflow.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: allegro-devel allegro-tools tetex-latex python texinfo
BuildRequires: desktop-file-utils
@@ -48,6 +49,9 @@ This package contains the server for hosting network LiquidWar games.
%prep
%setup -q
+
+%patch0 -p0 -b .overflow
+
# don't strip the binaries please
sed -i 's/install\(\s\+-c\)\?\s\+-s/install/g' Makefile.in
# fix manpage doc reference
@@ -182,6 +186,10 @@ fi
%changelog
+* Mon Apr 09 2012 Jon Ciesla <limburgher at gmail.com - 5.6.4-9.1
+- Patch for server buffer overflow, BZ 810607.
+- Fix initscript.
+
* Fri Jul 15 2011 Jon Ciesla <limb at jcomserv.net> - 5.6.4-9
- Bump and rebuild for new Allegro.
More information about the scm-commits
mailing list