Subject: airstrike: buffer overflow causes crash from env-var HOME
Package: airstrike
Version: 0.99+1.0pre6a-3
Severity: normal
Tags: patch

Hello,

airstrike crashes when the environment variable HOME contains about 1060 bytes of data. If the program had been setuid or setgid something, this would have been a security issue, but it isn't. Nevertheless this should be fixed to avoid irritating crashes.

I have attached a patch.

// Ulf Harnhammar

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-1-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages airstrike depends on:
ii  airstrike-c  0.99+1.0pre6a-3               2d dogfight game in the tradition
ii  libc6        2.3.2.ds1-20                  GNU C Library: Shared libraries an
ii  libsdl-imag  1.2.3-6                       image loading library for Simple D
ii  libsdl1.2de  1.2.7+1.2.8cvs20041007-3.0.1  Simple DirectMedia Layer

-- no debconf information

--- src/config.c.old 2003-01-18 20:48:05.000000000 +0100 +++ src/config.c 2005-01-14 01:42:55.000000000 +0100 @@ -21,7 +21,7 @@ int config_setup() } if (getenv("HOME")) { - sprintf(cbuf,"%s/%s",getenv("HOME"),USER_CONFIG_FILE); + snprintf(cbuf,sizeof(cbuf),"%s/%s",getenv("HOME"),USER_CONFIG_FILE); cfile = fopen(cbuf,"r"); if (cfile) {
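
Review bot: the return value of snprintf() on the added line is not checked, so a HOME that does not fit in cbuf now produces a silently truncated path that goes straight to fopen(cbuf,"r"). That stops the overflow, but the program may then read a configuration file from a path other than the one intended. Suggest capturing the result and skipping the user config when it is negative or >= sizeof(cbuf). Two smaller points on the same line: sizeof(cbuf) is only the buffer size if cbuf is an array declared in this scope, and its declaration is outside the visible context, so that should be confirmed (for a pointer it would be the pointer size); and getenv("HOME") is called twice, once in the if and once as an argument, where a single call stored in a local const char * would be clearer.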