From 90c5e88130a7d154dc434cab89b359e6e58b6a19 Mon Sep 17 00:00:00 2001
From: Christian Weisgerber <naddy@FreeBSD.org>
Date: Tue, 2 Mar 2004 22:48:03 +0000
Subject: Prevent buffer overflow from environment variable.

Obtained from:	Ulf Harnhammar and Debian
---
 games/lbreakout2/Makefile                  |  2 +-
 games/lbreakout2/files/patch-src_config.c  | 14 +++++++
 games/lbreakout2/files/patch-src_editor.c  | 14 +++++++
 games/lbreakout2/files/patch-src_game.c    | 14 +++++++
 games/lbreakout2/files/patch-src_levels.c  | 14 +++++++
 games/lbreakout2/files/patch-src_main.c    | 14 +++++++
 games/lbreakout2/files/patch-src_manager.c | 14 +++++++
 games/lbreakout2/files/patch-src_theme.c   | 59 ++++++++++++++++++++++++++++++
 8 files changed, 144 insertions(+), 1 deletion(-)
 create mode 100644 games/lbreakout2/files/patch-src_config.c
 create mode 100644 games/lbreakout2/files/patch-src_editor.c
 create mode 100644 games/lbreakout2/files/patch-src_game.c
 create mode 100644 games/lbreakout2/files/patch-src_levels.c
 create mode 100644 games/lbreakout2/files/patch-src_main.c
 create mode 100644 games/lbreakout2/files/patch-src_manager.c
 create mode 100644 games/lbreakout2/files/patch-src_theme.c

(limited to 'games')

diff --git a/games/lbreakout2/Makefile b/games/lbreakout2/Makefile
index d88b89a8fcfb..aa2624b2601b 100644
--- a/games/lbreakout2/Makefile
+++ b/games/lbreakout2/Makefile
@@ -7,7 +7,7 @@
 
 PORTNAME=	lbreakout2
 PORTVERSION=	2.2.2
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	games
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR=	lgames
diff --git a/games/lbreakout2/files/patch-src_config.c b/games/lbreakout2/files/patch-src_config.c
new file mode 100644
index 000000000000..4073c6426fc3
--- /dev/null
+++ b/games/lbreakout2/files/patch-src_config.c
@@ -0,0 +1,14 @@
+
+$FreeBSD$
+
+--- src/config.c.orig	Tue Mar  2 21:29:55 2004
++++ src/config.c	Tue Mar  2 21:30:24 2004
+@@ -40,7 +40,7 @@
+ void config_check_dir()
+ {
+     char level_dir[512];
+-    sprintf( config.dir_name, "%s/%s", (getenv( "HOME" )?getenv( "HOME" ):"."), CONFIG_DIR_NAME );
++    snprintf( config.dir_name, sizeof(config.dir_name), "%s/%s", (getenv( "HOME" )?getenv( "HOME" ):"."), CONFIG_DIR_NAME );
+     /* test and create .lgames */
+     if ( opendir( config.dir_name ) == 0 ) {
+         fprintf( stderr, "couldn't find/open config directory '%s'\n", config.dir_name );
diff --git a/games/lbreakout2/files/patch-src_editor.c b/games/lbreakout2/files/patch-src_editor.c
new file mode 100644
index 000000000000..126c0d7e8bfa
--- /dev/null
+++ b/games/lbreakout2/files/patch-src_editor.c
@@ -0,0 +1,14 @@
+
+$FreeBSD$
+
+--- src/editor.c.orig	Tue Mar  2 21:26:03 2004
++++ src/editor.c	Tue Mar  2 21:27:00 2004
+@@ -725,7 +725,7 @@
+ {
+     FILE *file = 0;
+     /* set full file name */
+-    sprintf( edit_file_name, "%s/%s/lbreakout2-levels/%s", (getenv( "HOME" )?getenv( "HOME" ):"."), CONFIG_DIR_NAME, file_name );
++    snprintf( edit_file_name, sizeof(edit_file_name), "%s/%s/lbreakout2-levels/%s", (getenv( "HOME" )?getenv( "HOME" ):"."), CONFIG_DIR_NAME, file_name );
+     /* test this file for write access. use append to keep contents */
+     if ( ( file = fopen( edit_file_name, "a" ) ) == 0 ) {
+         fprintf( stderr, "Permission to write to file '%s' denied.\n", edit_file_name );
diff --git a/games/lbreakout2/files/patch-src_game.c b/games/lbreakout2/files/patch-src_game.c
new file mode 100644
index 000000000000..3caeeef7903b
--- /dev/null
+++ b/games/lbreakout2/files/patch-src_game.c
@@ -0,0 +1,14 @@
+
+$FreeBSD$
+
+--- src/game.c.orig	Tue Mar  2 21:30:46 2004
++++ src/game.c	Tue Mar  2 21:31:02 2004
+@@ -561,7 +561,7 @@
+     /* load level */
+     setname = levelset_names[config.levelset_id];
+     if ( levelset_names[config.levelset_id][0] == '~' ) {
+-        sprintf( path, "%s/%s/lbreakout2-levels", (getenv( "HOME" )?getenv( "HOME" ):"."), CONFIG_DIR_NAME );
++        snprintf( path, sizeof(path), "%s/%s/lbreakout2-levels", (getenv( "HOME" )?getenv( "HOME" ):"."), CONFIG_DIR_NAME );
+         setname++;
+     }
+     else
diff --git a/games/lbreakout2/files/patch-src_levels.c b/games/lbreakout2/files/patch-src_levels.c
new file mode 100644
index 000000000000..64e4917b1a24
--- /dev/null
+++ b/games/lbreakout2/files/patch-src_levels.c
@@ -0,0 +1,14 @@
+
+$FreeBSD$
+
+--- src/levels.c.orig	Tue Mar  2 21:31:19 2004
++++ src/levels.c	Tue Mar  2 21:31:36 2004
+@@ -220,7 +220,7 @@
+     /* create dynamic list */
+     names = list_create( LIST_NO_AUTO_DELETE, NO_CALLBACK );
+     /* parse home directory */
+-    sprintf( level_dir, "%s/%s/lbreakout2-levels", (getenv( "HOME" )?getenv( "HOME" ):"."), CONFIG_DIR_NAME );
++    snprintf( level_dir, sizeof(level_dir), "%s/%s/lbreakout2-levels", (getenv( "HOME" )?getenv( "HOME" ):"."), CONFIG_DIR_NAME );
+     text = get_file_list( level_dir, 0, level_dir );
+     for ( i = 0; i < text->count; i++ ) {
+         /* filter stuff */
diff --git a/games/lbreakout2/files/patch-src_main.c b/games/lbreakout2/files/patch-src_main.c
new file mode 100644
index 000000000000..b522496c09dd
--- /dev/null
+++ b/games/lbreakout2/files/patch-src_main.c
@@ -0,0 +1,14 @@
+
+$FreeBSD$
+
+--- src/main.c.orig	Tue Mar  2 21:31:52 2004
++++ src/main.c	Tue Mar  2 21:32:16 2004
+@@ -106,7 +106,7 @@
+                 /* new set? */
+                 if ( strequal( "<CREATE SET>", levelset_home_names[config.levelset_home_id] ) ) {
+                     editor_file = calloc( 16, sizeof( char ) );
+-                    sprintf( path, "%s/%s/lbreakout2-levels", getenv( "HOME" ), CONFIG_DIR_NAME );
++                    snprintf( path, sizeof(path), "%s/%s/lbreakout2-levels", getenv( "HOME" ), CONFIG_DIR_NAME );
+                     if ( !enter_string( font, "Set Name:", editor_file, 12 ) || !file_check( path, editor_file, "w" ) ) {
+                         free( editor_file );
+                         break;
diff --git a/games/lbreakout2/files/patch-src_manager.c b/games/lbreakout2/files/patch-src_manager.c
new file mode 100644
index 000000000000..152fc7fa8747
--- /dev/null
+++ b/games/lbreakout2/files/patch-src_manager.c
@@ -0,0 +1,14 @@
+
+$FreeBSD$
+
+--- src/manager.c.orig	Tue Mar  2 21:29:21 2004
++++ src/manager.c	Tue Mar  2 21:29:40 2004
+@@ -126,7 +126,7 @@
+         return;
+     }
+     /* get file name + path */
+-    sprintf( fname, "%s/%s/lbreakout2-levels/%s", getenv( "HOME" ), CONFIG_DIR_NAME, levelset_home_names[config.levelset_home_id] );
++    snprintf( fname, sizeof(fname), "%s/%s/lbreakout2-levels/%s", getenv( "HOME" ), CONFIG_DIR_NAME, levelset_home_names[config.levelset_home_id] );
+     remove( fname );
+     levelsets_load_names(); /* reinit name lists and configs indices */
+     /* reassign these name lists as position in memory has changed */
diff --git a/games/lbreakout2/files/patch-src_theme.c b/games/lbreakout2/files/patch-src_theme.c
new file mode 100644
index 000000000000..87da99c95a2d
--- /dev/null
+++ b/games/lbreakout2/files/patch-src_theme.c
@@ -0,0 +1,59 @@
+
+$FreeBSD$
+
+--- src/theme.c.orig	Tue Mar  2 21:27:06 2004
++++ src/theme.c	Tue Mar  2 21:29:01 2004
+@@ -115,7 +115,7 @@
+ {
+     SDL_Surface *surf = 0;
+     char path[512];
+-    sprintf( path, "%s/.lgames/lbreakout2-themes/%s/%s", getenv( "HOME" ), theme_name, name );
++    snprintf( path, sizeof(path), "%s/.lgames/lbreakout2-themes/%s/%s", getenv( "HOME" ), theme_name, name );
+     if ( strequal( theme_name, "Default" ) || ( surf = load_surf( path, SDL_SWSURFACE | SDL_NONFATAL ) ) == 0 )
+         surf = load_surf( name, SDL_SWSURFACE );
+     return surf;
+@@ -125,7 +125,7 @@
+ {
+     Sound_Chunk *sound = 0;
+     char path[512];
+-    sprintf( path, "%s/.lgames/lbreakout2-themes/%s/%s", getenv( "HOME" ), theme_name, name );
++    snprintf( path, sizeof(path), "%s/.lgames/lbreakout2-themes/%s/%s", getenv( "HOME" ), theme_name, name );
+     if ( strequal( theme_name, "Default" ) ||  ( sound = sound_chunk_load( path ) ) == 0 )
+         sound = sound_chunk_load( name );
+     return sound;
+@@ -135,7 +135,7 @@
+ {
+     Font *font = 0;
+     char path[512];
+-    sprintf( path, "%s/.lgames/lbreakout2-themes/%s/%s", getenv( "HOME" ), theme_name, name );
++    snprintf( path, sizeof(path), "%s/.lgames/lbreakout2-themes/%s/%s", getenv( "HOME" ), theme_name, name );
+     if ( strequal( theme_name, "Default" ) ||  ( font = load_fixed_font( path, start, len, width, SDL_SWSURFACE | SDL_NONFATAL ) ) == 0 )
+         font = load_fixed_font( name, start, len, width, SDL_SWSURFACE );
+     return font;
+@@ -201,7 +201,7 @@
+     struct stat filestat;
+     char path[512];
+     char fname[512];
+-    sprintf( fname, "%s/.lgames/lbreakout2-themes/%s/back0.png", getenv( "HOME" ), theme_name );
++    snprintf( fname, sizeof(path), "%s/.lgames/lbreakout2-themes/%s/back0.png", getenv( "HOME" ), theme_name );
+     if ( strequal( theme_name, "Default" ) || stat( fname, &filestat ) == -1 ) {
+         /* use original backs */
+         bkgnd_count = BACK_COUNT;
+@@ -209,7 +209,7 @@
+     }
+     else {
+         /* use new backs */
+-        sprintf( path, "%s/.lgames/lbreakout2-themes/%s", getenv( "HOME" ), theme_name );
++        snprintf( path, sizeof(path), "%s/.lgames/lbreakout2-themes/%s", getenv( "HOME" ), theme_name );
+         bkgnd_count = -1;
+         do {
+             bkgnd_count++;
+@@ -248,7 +248,7 @@
+     /* auxilary list */
+     list = list_create( LIST_NO_AUTO_DELETE, NO_CALLBACK );
+     /* theme directory */
+-    sprintf( dir, "%s/.lgames/lbreakout2-themes", getenv( "HOME" ) );
++    snprintf( dir, sizeof(dir), "%s/.lgames/lbreakout2-themes", getenv( "HOME" ) );
+     if ( ( hdir = opendir( dir ) ) != 0 ) {
+         while ( ( entry = readdir( hdir ) ) ) {
+             if ( entry->d_name[0] == '.' ) 
-- 
cgit v1.2.3