Commit ca70f1b7 authored by Daniel Burrows's avatar Daniel Burrows Committed by Andreas Tille

Import Debian changes 2.5.2-2

lbreakout2 (2.5.2-2) unstable; urgency=high

  * Apply backported security fixes for bad usage of s*printf/scanf.
    Thanks to Moritz Muehlenhoff for spotting the problem in the upstream
    changelog and for sifting through the diff to find the relevant fixes.  (Closes: #310468)
parent 98ce9c1e
......@@ -138,7 +138,7 @@ int chart_load_from_path( char *path )
if ( aux[0] != '>' ) break;
chart = calloc( 1, sizeof( Set_Chart ) );
/* get name: >>>name */
fscanf( file, ">>>%s\n", setname );
fscanf( file, ">>>%1023s\n", setname );
chart->name = strdup( setname );
/* entries */
chart_read_entries( file, file_name, chart );
......@@ -234,7 +234,7 @@ void chart_save()
/* open file */
file = fopen( file_name, "w" );
if ( !file ) {
fprintf( stderr, "??? Highscore chart loaded properly but cannot save?\n" );
fprintf( stderr, "??? Highscore chart loaded properly but cannot save? (%s)\n",file_name );
return;
}
/* save all charts */
......
......@@ -146,7 +146,7 @@ void client_connect( GuiWidget *widget, GuiEvent *event )
/* extract ip and port and build a new socket out of it */
gui_edit_get_text( edit_server, server, 128, 0, -1 );
snprintf( config.server, 64, server );
snprintf( config.server, 64, "%s", server );
if ( !net_build_addr( &newaddr, server, 0 ) ) {
client_printf_chatter( 1, "ERROR: address %s does not resolve", config.server );
return;
......
......@@ -157,7 +157,7 @@ static void client_parse_packet()
/* users */
case MSG_ADD_USER:
num = msg_read_int32();
snprintf( name, 16, msg_read_string() ); name[15] = 0;
snprintf( name, 16, "%s", msg_read_string() ); name[15] = 0;
if ( msg_read_failed() ) break;
client_add_user( num, name );
gui_list_update(
......@@ -223,8 +223,8 @@ static void client_parse_packet()
client_transmit( CODE_BLUE, msglen, msgbuf );
break;
}
snprintf( mp_peer_name, 15, msg_read_string() );
snprintf( mp_levelset, 16, msg_read_string() );
snprintf( mp_peer_name, 15, "%s", msg_read_string() );
snprintf( mp_levelset, 16, "%s", msg_read_string() );
mp_diff = msg_read_int8();
mp_rounds = msg_read_int8();
mp_frags = msg_read_int8();
......
......@@ -237,7 +237,7 @@ static void comm_parse_packet()
break;
case MSG_ADD_USER:
i = msg_read_int32();
snprintf( name, 16, msg_read_string() ); name[15] = 0;
snprintf( name, 16, "%s", msg_read_string() ); name[15] = 0;
if ( msg_read_failed() ) break;
client_add_user( i, name );
handled = 1;
......
......@@ -639,12 +639,12 @@ void editor_handle_click( int x, int y, int set, int *full_update )
strcpy( str, "" );
if ( edit_buttons[x][y] == BUTTON_EDIT_AUTHOR )
if ( enter_string( font, "Author's Name:", str, 24 ) ) {
snprintf( edit_cur_level->author, 31, str );
snprintf( edit_cur_level->author, 31, "%s", str );
*full_update = 1;
}
if ( edit_buttons[x][y] == BUTTON_EDIT_NAME )
if ( enter_string( font, "Title:", str, 24 ) ) {
snprintf( edit_cur_level->name, 31, str );
snprintf( edit_cur_level->name, 31, "%s", str );
*full_update = 1;
}
/* sel frame tile position */
......
lbreakout2 (2.5.2-2) unstable; urgency=high
* Apply backported security fixes for bad usage of s*printf/scanf.
Thanks to Moritz Muehlenhoff for spotting the problem in the upstream
changelog and for sifting through the diff to find the relevant fixes. (Closes: #310468)
-- Daniel Burrows <dburrows@debian.org> Tue, 24 May 2005 18:52:21 -0700
lbreakout2 (2.5.2-1) unstable; urgency=low
* New upstream release
......
......@@ -494,8 +494,8 @@ void comm_pack_level( Level *level, unsigned char *msg, int *pos )
{
char *ptr = msg + *pos;
snprintf( ptr, 16, level->name ); ptr[15] = 0; ptr += 16;
snprintf( ptr, 16, level->author); ptr[15] = 0; ptr += 16;
snprintf( ptr, 16, "%s", level->name ); ptr[15] = 0; ptr += 16;
snprintf( ptr, 16, "%s", level->author); ptr[15] = 0; ptr += 16;
memcpy( ptr, level->bricks, 252 ); ptr += 252;
memcpy( ptr, level->extras, 252 ); ptr += 252;
......@@ -507,8 +507,8 @@ void comm_unpack_level( Level *level, unsigned char *msg, int *pos )
{
char *ptr = msg + *pos;
snprintf( level->name, 16, ptr ); ptr += 16;
snprintf( level->author, 16, ptr ); ptr += 16;
snprintf( level->name, 16, "%s", ptr ); ptr += 16;
snprintf( level->author, 16, "%s", ptr ); ptr += 16;
memcpy( level->bricks, ptr, 252 ); ptr += 252;
memcpy( level->extras, ptr, 252 ); ptr += 252;
......
......@@ -74,7 +74,7 @@ FILE *levelset_open( char *fname, char *mode )
if ( fname[0] != '/' ) /* keep global pathes */
snprintf( path, sizeof(path)-1, "%s/levels/%s", SRC_DIR, fname );
else
snprintf( path, sizeof(path)-1, fname );
snprintf( path, sizeof(path)-1, "%s", fname );
if ( ( file = fopen( path, mode ) ) == 0 ) {
fprintf( stderr, "couldn't open %s\n", path );
......@@ -192,7 +192,7 @@ LevelSet *levelset_build_from_list( List *levels, char *name, int version, int u
if ( levels->count == 0 ) return 0;
set = salloc( 1, sizeof( LevelSet ) );
snprintf( set->name, 20, name );
snprintf( set->name, 20, "%s", name );
set->levels = salloc( levels->count, sizeof( Level* ) );
set->count = levels->count;
set->version = version;
......@@ -344,10 +344,10 @@ Level* level_load( FILE *file )
if ( !strequal( "Level:", buffer ) ) goto failure;
/* author */
if ( !next_line( file, buffer ) ) goto failure;
snprintf( level->author, 31, buffer );
snprintf( level->author, 31, "%s", buffer );
/* level name */
if ( !next_line( file, buffer ) ) goto failure;
snprintf( level->name, 31, buffer );
snprintf( level->name, 31, "%s", buffer );
/* bricks: */
if ( !next_line( file, buffer ) ) goto failure;
if ( !strequal( "Bricks:", buffer ) ) goto failure;
......@@ -389,8 +389,8 @@ Level* level_create_empty( char *author, char *name )
{
int i, j;
Level *level = calloc( 1, sizeof( Level ) );
snprintf( level->author, 31, author );
snprintf( level->name, 31, name );
snprintf( level->author, 31, "%s", author );
snprintf( level->name, 31, "%s", name );
/* empty arena */
for ( i = 0; i < EDIT_WIDTH; i++ )
for ( j = 0; j < EDIT_HEIGHT; j++ ) {
......
......@@ -422,7 +422,7 @@ void gui_edit_set_text( GuiWidget *widget, char *text )
{
if ( widget->type != GUI_EDIT ) return;
/* copy text */
snprintf( widget->spec.edit.buffer, widget->spec.edit.size + 1, text );
snprintf( widget->spec.edit.buffer, widget->spec.edit.size + 1, "%s", text );
widget->spec.edit.length = strlen( widget->spec.edit.buffer );
/* reset */
/* first character in first line */
......@@ -456,7 +456,7 @@ int gui_edit_get_text(
if ( length > limit )
length = limit;
if ( length )
snprintf( buffer, limit, widget->spec.edit.buffer );
snprintf( buffer, limit, "%s", widget->spec.edit.buffer );
else
buffer[0] = 0;
return 1;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment