← Back to branch summary

~ubuntu-branches/ubuntu/dapper/bsdgames/dapper

« back to all changes in this revision

Viewing changes to dm/dm.c

  • Committer: Bazaar Package Importer
  • Author(s): Joey Hess
  • Date: 2006-04-06 19:59:35 UTC
  • Revision ID: james.westby@ubuntu.com-20060406195935-6bh0a4k9ams99iaq
Tags: 2.17-7
http://bugs.debian.org/360989
* sail: Fix a scanf buffer overrun in initial broadside prompt code,
  possibly exploitable. Closes: #360989
* dm: Fix some other, non exploitable scanf buffer overruns.

Show diffs side-by-side

added added

removed removed

Lines of Context:
dm/dm.c
134
134
        while (fgets(lbuf, sizeof(lbuf), cfp))
135
135
                switch (*lbuf) {
136
136
                case 'b':               /* badtty */
137
 
                        if (sscanf(lbuf, "%s%s", f1, f2) != 2 ||
 
137
                        if (sscanf(lbuf, "%39s%39s", f1, f2) != 2 ||
138
138
                            strcasecmp(f1, "badtty"))
139
139
                                break;
140
140
                        c_tty(f2);
141
141
                        break;
142
142
                case 'g':               /* game */
143
 
                        if (sscanf(lbuf, "%s%s%s%s%s",
 
143
                        if (sscanf(lbuf, "%39s%39s%39s%39s%39s",
144
144
                            f1, f2, f3, f4, f5) != 5 || strcasecmp(f1, "game"))
145
145
                                break;
146
146
                        c_game(f2, f3, f4, f5);
147
147
                        break;
148
148
                case 't':               /* time */
149
 
                        if (sscanf(lbuf, "%s%s%s%s", f1, f2, f3, f4) != 4 ||
 
149
                        if (sscanf(lbuf, "%39s%39s%39s%39s", f1, f2, f3, f4) != 4 ||
150
150
                            strcasecmp(f1, "time"))
151
151
                                break;
152
152
                        c_day(f2, f3, f4);