Bug#609096: Buffer overflow in xdigger with long argv[0]
Peter Pentchev
roam at ringlet.net
Sun Jan 16 21:30:07 UTC 2011
On Sun, Jan 16, 2011 at 07:25:01PM +0000, Adam D. Barratt wrote:
> On Sun, 2011-01-16 at 20:38 +0200, Peter Pentchev wrote:
> > Here's the new debdiff; thanks for your time!
>
> Thanks for that.
>
> Two small things:
>
> +- strcat(strcpy(croom, " ROOM: "), slevel_number);
> [...]
> ++ snprintf(croom, sizeof(croom), " ROOM: %s", slevel_number);
>
> The new version has one fewer space than the original; I guessed that
> the double space might be so that the string aligns with " LIVES: ".
Oops. True. Fixed.
> +- strcpy(localhost, gethostbyname(localhost)->h_name);
> +- strcpy(xhost, gethostbyname(xhost)->h_name);
> ++ snprintf(localhost, sizeof(localhost), gethostbyname(localhost)->h_name);
> ++ snprintf(xhost, sizeof(xhost), gethostbyname(xhost)->h_name);
>
> Those should probably be strncpys, or have an explicit "%s" format string.
Argh. True. Fixed; don't know what I was thinking.
> +xdigger (1.0.10-13+lenny1) unstable; urgency=low
>
> s/unstable/stable/
Oops :)
> Okay, I lied; it was three things. :)
>
> With the above changes, please feel free to upload (bearing in mind that
> the deadline for inclusion in the next point release is tomorrow).
Thanks!
Well, since I'm not a full DD yet, and xdigger doesn't fall under my DM
rights, I hereby throw myself at the mercy of the pkg-games DD's - or any
DD who's reading this and has the time to check my work as uploaded to
http://mentors.debian.net/debian/pool/main/x/xdigger/xdigger_1.0.10-13+lenny1.dsc
:)
Once again, many thanks to Adam and Ansgar for helping me through this and
pointing out my mistakes and misassumptions!
G'luck,
Peter
--
Peter Pentchev roam at ringlet.net roam at FreeBSD.org roam at cpan.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
This sentence was in the past tense.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-games-devel/attachments/20110116/7082492a/attachment.pgp>
More information about the Pkg-games-devel
mailing list