SOURCES: openttd-CAN-2005-2763.patch (NEW) - fix for CAN-2005-2763...

adamg adamg at pld-linux.org
Mon Sep 5 20:03:14 CEST 2005 

Author: adamg                        Date: Mon Sep  5 18:03:14 2005 GMT
Module: SOURCES                       Tag: HEAD
---- Log message:
- fix for CAN-2005-2763 (format string vulnerabilities)

---- Files affected:
SOURCES:
   openttd-CAN-2005-2763.patch (NONE -> 1.1)  (NEW)

---- Diffs:

================================================================
Index: SOURCES/openttd-CAN-2005-2763.patch
diff -u /dev/null SOURCES/openttd-CAN-2005-2763.patch:1.1
--- /dev/null	Mon Sep  5 20:03:14 2005
+++ SOURCES/openttd-CAN-2005-2763.patch	Mon Sep  5 20:03:08 2005
@@ -0,0 +1,190 @@
+--- /trunk/console_cmds.c	2005/08/28 10:59:34	2898
++++ trunk/console_cmds.c	2005/08/28 12:24:57	2899
+@@ -1132,7 +1132,7 @@
+ 			SEND_COMMAND(PACKET_CLIENT_SET_NAME)(_network_player_name);
+ 		} else {
+ 			if (NetworkFindName(_network_player_name)) {
+-				NetworkTextMessage(NETWORK_ACTION_NAME_CHANGE, 1, false, ci->client_name, _network_player_name);
++				NetworkTextMessage(NETWORK_ACTION_NAME_CHANGE, 1, false, ci->client_name, "%s", _network_player_name);
+ 				ttd_strlcpy(ci->client_name, _network_player_name, sizeof(ci->client_name));
+ 				NetworkUpdateClientInfo(NETWORK_SERVER_INDEX);
+ 			}
+--- /trunk/network.c	2005/08/28 10:59:34	2898
++++ trunk/network.c	2005/08/28 12:24:57	2899
+@@ -100,7 +100,7 @@
+ 	char temp[1024];
+ 
+ 	va_start(va, str);
+-	vsprintf(buf, str, va);
++	vsnprintf(buf, lengthof(buf), str, va);
+ 	va_end(va);
+ 
+ 	switch (action) {
+@@ -499,7 +499,7 @@
+ 
+ 		GetString(str, STR_NETWORK_ERR_CLIENT_GENERAL + errorno);
+ 
+-		NetworkTextMessage(NETWORK_ACTION_LEAVE, 1, false, client_name, str);
++		NetworkTextMessage(NETWORK_ACTION_LEAVE, 1, false, client_name, "%s", str);
+ 
+ 		// Inform other clients of this... strange leaving ;)
+ 		FOR_ALL_CLIENTS(new_cs) {
+--- /trunk/network_client.c	2005/08/28 10:59:34	2898
++++ trunk/network_client.c	2005/08/28 12:24:57	2899
+@@ -349,7 +349,7 @@
+ 	if (ci != NULL) {
+ 		if (playas == ci->client_playas && strcmp(name, ci->client_name) != 0) {
+ 			// Client name changed, display the change
+-			NetworkTextMessage(NETWORK_ACTION_NAME_CHANGE, 1, false, ci->client_name, name);
++			NetworkTextMessage(NETWORK_ACTION_NAME_CHANGE, 1, false, ci->client_name, "%s", name);
+ 		} else if (playas != ci->client_playas) {
+ 			// The player changed from client-player..
+ 			// Do not display that for now
+@@ -666,7 +666,7 @@
+ 
+ 	ci = NetworkFindClientInfoFromIndex(index);
+ 	if (ci != NULL) {
+-		NetworkTextMessage(NETWORK_ACTION_LEAVE, 1, false, ci->client_name, str);
++		NetworkTextMessage(NETWORK_ACTION_LEAVE, 1, false, ci->client_name, "%s", str);
+ 
+ 		// The client is gone, give the NetworkClientInfo free
+ 		ci->client_index = NETWORK_EMPTY_INDEX;
+@@ -684,11 +684,11 @@
+ 	NetworkClientInfo *ci;
+ 
+ 	index = NetworkRecv_uint16(MY_CLIENT, p);
+-	NetworkRecv_string(MY_CLIENT, p, str, 100);
++	NetworkRecv_string(MY_CLIENT, p, str, lengthof(str));
+ 
+ 	ci = NetworkFindClientInfoFromIndex(index);
+ 	if (ci != NULL) {
+-		NetworkTextMessage(NETWORK_ACTION_LEAVE, 1, false, ci->client_name, str);
++		NetworkTextMessage(NETWORK_ACTION_LEAVE, 1, false, ci->client_name, "%s", str);
+ 
+ 		// The client is gone, give the NetworkClientInfo free
+ 		ci->client_index = NETWORK_EMPTY_INDEX;
+--- /trunk/network_server.c	2005/08/28 10:59:34	2898
++++ trunk/network_server.c	2005/08/28 12:24:57	2899
+@@ -162,7 +162,7 @@
+ 
+ 		DEBUG(net, 2)("[NET] %s made an error (%s) and his connection is closed", client_name, str);
+ 
+-		NetworkTextMessage(NETWORK_ACTION_LEAVE, 1, false, client_name, str);
++		NetworkTextMessage(NETWORK_ACTION_LEAVE, 1, false, client_name, "%s", str);
+ 
+ 		FOR_ALL_CLIENTS(new_cs) {
+ 			if (new_cs->status > STATUS_AUTH && new_cs != cs) {
+@@ -904,7 +904,7 @@
+ 
+ 	DEBUG(net, 2)("[NET] %s reported an error and is closing his connection (%s)", client_name, str);
+ 
+-	NetworkTextMessage(NETWORK_ACTION_LEAVE, 1, false, client_name, str);
++	NetworkTextMessage(NETWORK_ACTION_LEAVE, 1, false, client_name, "%s", str);
+ 
+ 	FOR_ALL_CLIENTS(new_cs) {
+ 		if (new_cs->status > STATUS_AUTH) {
+@@ -929,11 +929,11 @@
+ 		return;
+ 	}
+ 
+-	NetworkRecv_string(cs, p, str, 100);
++	NetworkRecv_string(cs, p, str, lengthof(str));
+ 
+ 	NetworkGetClientName(client_name, sizeof(client_name), cs);
+ 
+-	NetworkTextMessage(NETWORK_ACTION_LEAVE, 1, false, client_name, str);
++	NetworkTextMessage(NETWORK_ACTION_LEAVE, 1, false, client_name, "%s", str);
+ 
+ 	FOR_ALL_CLIENTS(new_cs) {
+ 		if (new_cs->status > STATUS_AUTH) {
+@@ -1108,7 +1108,7 @@
+ 	if (ci != NULL) {
+ 		// Display change
+ 		if (NetworkFindName(client_name)) {
+-			NetworkTextMessage(NETWORK_ACTION_NAME_CHANGE, 1, false, ci->client_name, client_name);
++			NetworkTextMessage(NETWORK_ACTION_NAME_CHANGE, 1, false, ci->client_name, "%s", client_name);
+ 			ttd_strlcpy(ci->client_name, client_name, sizeof(ci->client_name));
+ 			NetworkUpdateClientInfo(ci->client_index);
+ 		}
+--- /trunk/texteff.c	2005/08/28 10:59:34	2898
++++ trunk/texteff.c	2005/08/28 12:24:57	2899
+@@ -62,7 +62,7 @@
+ 	int length;
+ 
+ 	va_start(va, message);
+-	vsprintf(buf, message, va);
++	vsnprintf(buf, lengthof(buf), message, va);
+ 	va_end(va);
+ 
+ 	/* Special color magic */
+--- openttd/os2.c
++++ openttd/os2.c
+@@ -642,7 +642,7 @@ static long CDECL MidiSendCommand(const 
+ 	va_list va;
+ 	char buf[512];
+ 	va_start(va, cmd);
+-	vsprintf(buf, cmd, va);
++	vsnprintf(buf, sizeof(buf), cmd, va);
+ 	va_end(va);
+ 	return mciSendString(buf, NULL, 0, NULL, 0);
+ }
+--- openttd/strgen/strgen.c
++++ openttd/strgen/strgen.c
+@@ -84,7 +84,7 @@ void warning(const char *s, ...) {
+ 	char buf[1024];
+ 	va_list va;
+ 	va_start(va, s);
+-	vsprintf(buf, s, va);
++	vsnprintf(buf, sizeof(buf), s, va);
+ 	va_end(va);
+ 	fprintf(stderr, "%d: ERROR: %s\n", _cur_line, buf);
+ 	_warnings = true;
+@@ -94,7 +94,7 @@ void NORETURN error(const char *s, ...) 
+ 	char buf[1024];
+ 	va_list va;
+ 	va_start(va, s);
+-	vsprintf(buf, s, va);
++	vsnprintf(buf, sizeof(buf), s, va);
+ 	va_end(va);
+ 	fprintf(stderr, "%d: FATAL: %s\n", _cur_line, buf);
+ 	exit(1);
+--- openttd/ttd.c
++++ openttd/ttd.c
+@@ -70,7 +70,7 @@ void CDECL error(const char *s, ...) {
+ 	va_list va;
+ 	char buf[512];
+ 	va_start(va, s);
+-	vsprintf(buf, s, va);
++	vsnprintf(buf, sizeof(buf), s, va);
+ 	va_end(va);
+ 
+ 	ShowOSErrorBox(buf);
+@@ -86,7 +86,7 @@ void CDECL ShowInfoF(const char *str, ..
+ 	va_list va;
+ 	char buf[1024];
+ 	va_start(va, str);
+-	vsprintf(buf, str, va);
++	vsnprintf(buf, sizeof(buf), str, va);
+ 	va_end(va);
+ 	ShowInfo(buf);
+ }
+@@ -99,7 +99,7 @@ char * CDECL str_fmt(const char *str, ..
+ 	char *p;
+ 
+ 	va_start(va, str);
+-	len = vsprintf(buf, str, va);
++	len = vsnprintf(buf, sizeof(buf), str, va);
+ 	va_end(va);
+ 	p = malloc(len + 1);
+ 	if (p)
+--- openttd/win32.c
++++ openttd/win32.c
+@@ -841,7 +841,7 @@ static long CDECL MidiSendCommand(const 
+ 	char buf[512];
+ 
+ 	va_start(va, cmd);
+-	vsprintf(buf, cmd, va);
++	vsnprintf(buf, sizeof(buf), cmd, va);
+ 	va_end(va);
+ 	return mciSendStringA(buf, NULL, 0, 0);
+ }
================================================================

More information about the pld-cvs-commit mailing list