Package: xonix
Version: 1.4-23
Severity: important
Tags: security

I have been performing binary static analysis on some of the Debian 5 package repository.

I identified the following problem in xonix/x11.c

    memset(score_rec[i].login, 0, 11);
    strncpy(score_rec[i].login, pw->pw_name, 10);
    memset(score_rec[i].full, 0, 65);
    strncpy(score_rec[i].full, fullname, 64);
    score_rec[i].tstamp = time(NULL);
*   free(fullname);
    if((high = freopen(PATH_HIGHSCORE, "w",high)) == NULL) {
      fprintf(stderr, "xonix: cannot reopen high score file\n");
*     free(fullname);
      gameover_pending = 0;
      return;
    }

The second free(fullname) should be removed.

I have only investigated this problem on Lenny, but it should be checked to see if this issue is present in the stable or unstable Debian trees.

--
Silvio
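An added example, not part of the original report and not xonix's own code: the same copy, free, reopen sequence written so the error path cannot release the buffer a second time. The struct, the function names, the `frees` counter and the file paths are assumptions made for illustration; it assumes a POSIX system with /dev/null.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

/* Hypothetical record; buffer sizes follow the 11 and 65 in the report. */
struct score_rec { char login[11]; char full[65]; time_t tstamp; };
int frees; /* example-only counter of real releases */

/* Free once and clear the owner's pointer; a repeat call is a no-op. */
static void release(char **p) {
    if (*p != NULL) { free(*p); *p = NULL; frees++; }
}

/* Fill the record, release *fullname once, reopen; the error path frees nothing. */
int record_score(struct score_rec *rec, const char *login, char **fullname,
                 FILE **high, const char *path) {
    memset(rec, 0, sizeof *rec);              /* guarantees NUL termination */
    strncpy(rec->login, login, sizeof rec->login - 1);
    strncpy(rec->full, *fullname, sizeof rec->full - 1);
    rec->tstamp = time(NULL);
    release(fullname);
    if ((*high = freopen(path, "w", *high)) == NULL) {
        fprintf(stderr, "cannot reopen high score file\n");
        return -1;
    }
    return 0;
}

/* Driver with constructed input; returns record_score()'s result. */
int try_record(const char *path) {
    static const char sample[] = "Constructed User";
    struct score_rec rec;
    char *fullname = malloc(sizeof sample);
    FILE *high = fopen("/dev/null", "r");
    int rc = -2;                              /* setup failure */
    if (fullname != NULL && high != NULL) {
        memcpy(fullname, sample, sizeof sample);
        rc = record_score(&rec, "demo", &fullname, &high, path);
    }
    release(&fullname);                       /* no-op after a normal run */
    if (high != NULL) fclose(high);
    return rc;
}

int main(void) {
    int bad = try_record("/nonexistent-constructed-dir/scores");
    int good = try_record("/dev/null");
    printf("bad=%d good=%d frees=%d\n", bad, good, frees);
    return 0;
}
```

Building the original pattern with `-fsanitize=address` reports the second `free` at run time; with the pointer cleared on release, the counter shows exactly one release per call on both paths.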