Your message dated Sun, 24 Aug 2003 13:53:54 +1000
with message-id <[EMAIL PROTECTED]>
and subject line Removed
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 15 Jan 2003 09:54:39 +0000
>From [EMAIL PROTECTED] Wed Jan 15 03:54:37 2003
Return-path: <[EMAIL PROTECTED]>
Received: from anchor-post-30.mail.demon.net [194.217.242.88]
        by master.debian.org with esmtp (Exim 3.12 1 (Debian))
        id 18YkEx-0003zv-00; Wed, 15 Jan 2003 03:53:43 -0600
Received: from futurama.intasys.com ([194.217.254.9] helo=smtp.intasys.com)
        by anchor-post-30.mail.demon.net with smtp (Exim 3.35 #1)
        id 18YkEw-000KrR-0U
        for [EMAIL PROTECTED]; Wed, 15 Jan 2003 09:53:42 +0000
Received: (qmail 12743 invoked from network); 15 Jan 2003 09:52:50 -0000
Received: from unknown (HELO steve.edi.intasys.com) (192.168.0.162)
        by futurama.edidmz.intasys.com with SMTP; 15 Jan 2003 09:52:50 -0000
Received: from steve by steve.edi.intasys.com with local (Exim 3.36 #1 (Debian))
        id 18YkDp-0005pb-00; Wed, 15 Jan 2003 09:52:33 +0000
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Steve Kemp <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: xtrojka: Segfaults on excessive $HOME
X-Mailer: reportbug 2.10
Date: Wed, 15 Jan 2003 09:52:33 +0000
Message-Id: <[EMAIL PROTECTED]>
Sender: Steve Kemp <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Status: No, hits=-1.9 required=5.0
        tests=PATCH_CONTEXT_DIFF,SPAM_PHRASE_00_01
        version=2.41
X-Spam-Level:

Package: xtrojka
Version: 123-19
Severity: normal
Tags: security upstream patch

Overview
--------

  xtrojka doesn't perform adequate bounds checking when using
 the contents of the environmental variable 'HOME'.

  The game is installed in Debian unstable, stable, and testing
 setgid(games).

  This fault may allow privilege escalation.

Demonstration
------------

[EMAIL PROTECTED]:~$ export HOME=`perl -e 'print "x" x 500'`
[EMAIL PROTECTED]:/home/steve$ xtrojka
Warning: cannot create preferences
Warning: cannot open preferences
Warning: cannot write preferences
Segmentation fault

Fix
---

  The patch below fixes this issue.

Steve
---
www.steve.org.uk

*** preferences.c Wed Jan 15 09:46:38 2003 --- preferences.c-orig Wed Jan 15 09:45:06 2003 *************** *** 48,54 **** sprintf(prefsfile,"/tmp/%s", PREFSFILENAME); return; } ! snprintf(prefsfile,sizeof(prefsfile)-1,"%s/%s", home, PREFSFILENAME); read_prefs(); } --- 48,54 ---- sprintf(prefsfile,"/tmp/%s", PREFSFILENAME); return; } ! sprintf(prefsfile,"%s/%s", home, PREFSFILENAME); read_prefs();

-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux steve 2.4.19-686 #1 Mon Nov 18 23:59:03 EST 2002 i686
Locale: LANG=C, LC_CTYPE=C

Versions of packages xtrojka depends on:
ii  libc6                         2.3.1-9    GNU C Library: Shared libraries an
ii  libxaw7                       4.2.1-4    X Athena widget set library
ii  xlibs                         4.2.1-4    X Window System client libraries

-- no debconf information

---------------------------------------
Received: (at 176824-done) by bugs.debian.org; 24 Aug 2003 03:54:37 +0000
>From [EMAIL PROTECTED] Sat Aug 23 22:54:35 2003
Return-path: <[EMAIL PROTECTED]>
Received: from bangpath.uucico.de [195.71.9.197]
        by master.debian.org with esmtp (Exim 3.35 1 (Debian))
        id 19qlxb-0003Mi-00; Sat, 23 Aug 2003 22:54:35 -0500
Received: by bangpath.uucico.de (Postfix, from userid 10)
        id AE80F26B24; Sun, 24 Aug 2003 05:54:34 +0200 (CEST)
Received: by regression.cyrius.com (Postfix, from userid 1000)
        id 99C1C22D4A; Sun, 24 Aug 2003 04:53:54 +0100 (BST)
Date: Sun, 24 Aug 2003 13:53:54 +1000
From: Martin Michlmayr <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Removed
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Status: No, hits=-3.0 required=4.0
        tests=BAYES_01,USER_AGENT_MUTT
        version=2.53-bugs.debian.org_2003_8_17
X-Spam-Level:
X-Spam-Checker-Version: SpamAssassin 2.53-bugs.debian.org_2003_8_17 (1.174.2.15-2003-03-30-exp)

This package has been removed from Debian unstable because it wasn't
maintained.

--
Martin Michlmayr
[EMAIL PROTECTED]
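
Review bot: the context diff in the original report is generated in the wrong direction. Its `***` (from) side is preferences.c carrying the snprintf line and its `---` (to) side is preferences.c-orig carrying `sprintf(prefsfile,"%s/%s", home, PREFSFILENAME);`, so as posted it turns the bounded call back into the unbounded one and only applies as a fix with `patch -R`; regenerate it with the original file first. In the changed line of the 48,54 hunk, the `-1` in `sizeof(prefsfile)-1` is not needed, because snprintf already counts the terminating NUL within the size it is given. More importantly the return value is ignored, so an over-long HOME is silently truncated and read_prefs() then runs on a different path than intended; compare the result against `sizeof(prefsfile)` and bail out or fall back when it does not fit. `sizeof(prefsfile)` is also only the buffer size if prefsfile is declared as an array, which the hunk does not show, so the declaration is worth confirming. The unchanged `sprintf(prefsfile,"/tmp/%s", PREFSFILENAME);` fallback is bounded only as long as PREFSFILENAME stays a short constant, and would be more consistent written with snprintf as well.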