Bug#609096: Buffer overflow in xdigger with long argv[0]

Adam D. Barratt adam at adam-barratt.org.uk
Thu Jan 13 22:27:11 UTC 2011


On Thu, 2011-01-13 at 12:18 +0200, Peter Pentchev wrote:
> On Wed, Jan 12, 2011 at 09:10:53PM +0000, Adam D. Barratt wrote:
> > This change looked a little odd:
[...]
> > + 	case TON_SCHRITT:
> > +-	  strcat(name, "/step.au");
> > ++	  snprintf(name, sizeof(name), "%s/step.au", XDIGGER_LIB_DIR);
> > ++	  strncat(name, "/step.au");
> > + 	  break;
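
Review bot: the strncat() line directly after the new snprintf() is both redundant and malformed: snprintf() already writes the complete "%s/step.au" path into name, so a second append would duplicate the suffix, and strncat() takes a third length argument, so `strncat(name, "/step.au");` would not compile as written. Drop that line so the TON_SCHRITT case consists of the snprintf() alone, as the TON_STEINE case does.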
> 
> Oops!  The strncat() should not be there, I'll prepare a new upload.
> 
> > + 	case TON_STEINE:
> > +-	  strcat(name, "/stone.au");
> > ++	  snprintf(name, sizeof(name), "%s/stone.au", XDIGGER_LIB_DIR);
> > + 	  break;
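
Review bot: sizeof(name) is only a valid bound here if name is declared as a fixed-size array in this function; if it is a `char *` (for example a parameter), sizeof collapses to the pointer size and the path is silently truncated. Worth confirming against the declaration, which this hunk does not show, and worth checking snprintf()'s return value against sizeof(name) so that an over-long XDIGGER_LIB_DIR is detected instead of quietly producing a clipped filename.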
> > 
> > Why have the filenames changed from foo.au to XDIGGER_LIB_DIR/foo.au?
> 
> They haven't changed :)  A couple of lines above that, the "name" variable
> is initialized to XDIGGER_LIB_DIR, so the strcat() that was there just
> added foo.au to it.  The snprintf() does both.

Ah, I see.

> I've corrected the patch to remove the strncat() that I'd put there before
> deciding to change it to snprintf() :)
[...]
> > Have you verified whether the addition of ${misc:Depends} makes any
> > practical difference to the generated binary packages, rather than
> > simply quietening lintian?
> 
> Actually, it does not make any difference; I'll remove it.

Thanks.

> > Were the update to xdigger.desktop and the addition of
> > debian/source/format intentional?
> 
> Well, the update to xdigger.desktop was done in a sweeping change by
> Paul Wise (pabs) two and a half years ago; I don't know why he didn't
> mention it in the changelog.  That was before xdigger was removed from
> unstable and testing, and before there were any thoughts of preparing
> a Lenny-only upload.
> 
> Should I document it in the changelog, or revert it from the Subversion
> repository?

One or the other.  :-)

> > If so, why aren't they mentioned in
> > the changelog?  fwiw, given that the default source format is not going
> > to change in lenny, the source/format change is at best a no-op.
> 
> As to the default source format, I initially tried to convert it to
> 3.0 (quilt), but then Ansgar Burchardt kindly reminded me that you would
> not really allow this as a stable update :)  So I reverted the 3.0 changes
> and placed 1.0 as the source format name; I could remove it if you'd like,
> no problem, and quite understandable.

Ansgar was correct. :-)   It's technically a no-op; I'm not going to
complain (too) loudly if you leave it in.

> Thanks for taking the time to review the changes!

Thanks for taking the time to fix things in lenny.

Regards,

Adam
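The bounded path-building pattern that the snprintf() change in the patch introduces, written out as an added example with the truncation check the hunks do not show. This is not code from xdigger or from the patch under review; LIB_DIR_EXAMPLE, NAME_LEN and the function names are assumptions standing in for the package's real constants and buffer.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* Constructed stand-in for the package's compile-time constant; the
 * real value comes from xdigger's build system and is not in the thread. */
#define LIB_DIR_EXAMPLE "/usr/share/games/xdigger"

/* Hypothetical size for `name`; its real declaration is not shown. */
#define NAME_LEN 64

/* What the old strcpy()/strcat() sequence would write, NUL included.
 * Anything above the buffer size is an overflow with the unbounded calls. */
size_t unbounded_length(const char *dir, const char *file)
{
    return strlen(dir) + 1 + strlen(file) + 1;
}

/* Hardened form of the pattern in the patch: build "<dir>/<file>" with a
 * single bounded snprintf() and report whether the result fit. snprintf()
 * always NUL-terminates but truncates silently, so the return value is
 * the only way to tell a valid path from a clipped one. */
bool build_sound_path(char *name, size_t size, const char *dir, const char *file)
{
    int n = snprintf(name, size, "%s/%s", dir, file);
    return n >= 0 && (size_t)n < size;
}

/* Constructed worst case: a directory far longer than the buffer. Returns
 * true if the truncation was reported and the buffer stayed terminated. */
bool overlong_dir_is_detected(void)
{
    char dir[3 * NAME_LEN];
    char name[NAME_LEN];
    memset(dir, 'A', sizeof(dir) - 1);
    dir[sizeof(dir) - 1] = '\0';
    bool fit = build_sound_path(name, sizeof(name), dir, "stone.au");
    return !fit && strlen(name) == NAME_LEN - 1 &&
           unbounded_length(dir, "stone.au") > NAME_LEN;
}

int main(void)
{
    char name[NAME_LEN];
    if (build_sound_path(name, sizeof(name), LIB_DIR_EXAMPLE, "step.au"))
        printf("ok: %s\n", name);
    printf("overlong dir detected: %d\n", overlong_dir_is_detected());
    return 0;
}
```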

More information about the Pkg-games-devel mailing list