Module Name:    src
Committed By:   dholland
Date:           Sun Jun 28 18:59:37 UTC 2009

Modified Files:
        src/games/hunt/huntd: answer.c

Log Message:
Fix possible remote DoS of a running hunt game, and prevent a possible
theoretical attack involving >= 1 billion ammo.


To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.10 src/games/hunt/huntd/answer.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/games/hunt/huntd/answer.c
diff -u src/games/hunt/huntd/answer.c:1.9 src/games/hunt/huntd/answer.c:1.10
--- src/games/hunt/huntd/answer.c:1.9	Mon Jan 28 03:23:29 2008
+++ src/games/hunt/huntd/answer.c	Sun Jun 28 18:59:37 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: answer.c,v 1.9 2008/01/28 03:23:29 dholland Exp $	*/
+/*	$NetBSD: answer.c,v 1.10 2009/06/28 18:59:37 dholland Exp $	*/
 /*
  * Copyright (c) 1983-2003, Regents of the University of California.
  * All rights reserved.
@@ -32,7 +32,7 @@
 
 #include <sys/cdefs.h>
 #ifndef lint
-__RCSID("$NetBSD: answer.c,v 1.9 2008/01/28 03:23:29 dholland Exp $");
+__RCSID("$NetBSD: answer.c,v 1.10 2009/06/28 18:59:37 dholland Exp $");
 #endif /* not lint */
 
 # include	<ctype.h>
@@ -102,6 +102,12 @@
 	mode = ntohl(mode);
 
 	/*
+	 * Ensure null termination.
+	 */
+	name[sizeof(name)-1] = '\0';
+	Ttyname[sizeof(Ttyname)-1] = '\0';
+
+	/*
 	 * Turn off blocking I/O, so a slow or dead terminal won't stop
 	 * the game.  All subsequent reads check how many bytes they read.
 	 */
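Review bot: The two added assignments place the terminator at the last byte of `name` and `Ttyname` no matter how many bytes were actually received. The reads that fill these buffers are outside the hunk, so this is inferred, but if one of them can come back short, the string still runs through whatever the buffer held beforehand. Clearing both buffers before the reads, or terminating at the received length, would bound the strings to data the peer really sent. The comment could also record the reason, e.g. `Ensure null termination; these strings appear to come from the client and need not be terminated.` The enclosing function starts and ends outside the hunk.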
@@ -317,7 +323,7 @@
 	y = STAT_PLAY_ROW + 1 + (newpp - Player);
 	for (pp = Player; pp < End_player; pp++) {
 		if (pp != newpp) {
-			char	smallbuf[10];
+			char	smallbuf[16];
 
 			pp->p_ammo += NSHOTS;
 			newpp->p_ammo += NSHOTS;
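Review bot: `smallbuf[16]` is still a bare number whose adequacy depends on how many digits `p_ammo` can reach, and the two `+= NSHOTS` lines in this loop grow that value with no visible upper bound. The call that formats into `smallbuf` is outside the hunk. If it is not already size-bounded, `snprintf(smallbuf, sizeof(smallbuf), ...)` would keep the write inside the buffer whatever the value. The type of `p_ammo` is not visible here; assuming a 32-bit int, a comment on the declaration such as `/* holds any 32-bit int in decimal, with sign and NUL */` would record why 16 was chosen. The enclosing function starts and ends outside the hunk.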
