- Fixes buffer overflow about GECOS field [1]

- also fix a bug arround high-score [1] - create files/patches-* for submission [2] - portsrevision bump [2] - entry into vulnxml for < 1.51_3 460118c0-2bde-11e1-bd69-001143cd36d8 [2] PR: ports/163274 [1] Submitted by: Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp> (maintainer) [1] Reviewed by: scheidell [2] Approved by: gabor (mentor)
svn path=/head/; revision=287805
2025-06-04 04:16:27 -04:00 · 2011-12-21 14:16:47 +00:00 · 2011-12-21 14:16:47 +00:00 · 2ef322cb96 · 2021-03-31 03:12:20 +00:00
commit 2ef322cb96
parent dcec28b92a
4 changed files with 52 additions and 1 deletions
--- a/games/xshisen/Makefile
+++ b/games/xshisen/Makefile
@ -7,7 +7,7 @@

 PORTNAME=	xshisen
 PORTVERSION=	1.51
-PORTREVISION=	3
+PORTREVISION=	4
 CATEGORIES=	games
 MASTER_SITES=	LOCAL
 MASTER_SITE_SUBDIR=	hrs
--- a/games/xshisen/files/patch-components.h
+++ b/games/xshisen/files/patch-components.h
@ -0,0 +1,12 @@
+--- components.h.orig	2002-07-07 16:34:23.000000000 +0900
+++ components.h	2011-12-07 11:31:45.000000000 +0900
+@@ -61,6 +61,8 @@
+ #define HNUM  (PKIND*2)      // Number of pairs to pick up
+ #define SCORENUM  10         // Number of people to register in high-score
+ #define NAMELEN   28         // Length of name in high-score
+#define NBUFLEN  127         // Length of namebuf-1
+#define GECOSLEN (NBUFLEN-12)    // Length for GECOS field-1
+ 
+ class Timer {
+ private:
+
--- a/games/xshisen/files/patch-main.c
+++ b/games/xshisen/files/patch-main.c
@ -0,0 +1,12 @@
+--- main.C.orig	2002-07-07 16:33:55.000000000 +0900
+++ main.C	2011-12-07 11:56:13.000000000 +0900
+@@ -210,7 +210,7 @@
+     char buffer[100], *p;
+     char *(*codeconv)(const char*);
+ 
+-    strcpy(buffer, operation);
+    strncpy(buffer, operation, 99);
+     if (strchr(buffer, '-') == NULL) {
+         strcat(buffer, "-" KANJICODE);
+     }
+
--- a/games/xshisen/files/patch-score.c
+++ b/games/xshisen/files/patch-score.c
@ -0,0 +1,27 @@
+--- score.C.orig	2002-06-16 00:20:30.000000000 +0900
+++ score.C	2011-12-14 16:34:35.000000000 +0900
+@@ -73,7 +73,7 @@
+     date[8] = '\0';
+     strncpy(time, &buffer[53], 8);
+     time[8] = '\0';
+-    if (date[0] == '1') {
+    if (date[3] == '-') {
+         for(int i=1; i<8; i++) {
+             date[i-1] = date[i];
+         }
+@@ -372,12 +372,12 @@
+     time_t t;
+     struct tm *tp;
+     struct passwd *pw;
+-    char   namebuf[128], myname[NAMELEN+1], gecos[128], *po;
+    char   namebuf[NBUFLEN+1], myname[NAMELEN+1], gecos[GECOSLEN+1], *po;
+ 
+     s1 = scoreToRegister / 1000;
+     ms_to_hms(scoreToRegister, h, m, s);
+     pw = getpwuid(getuid());
+-    strcpy(gecos, pw->pw_gecos);
+    strncpy(gecos, pw->pw_gecos, GECOSLEN);
+     if ((po = strchr(gecos, ',')) != NULL)
+         *po = 0;
+     sprintf(namebuf, "%-8.8s (%s)", pw->pw_name, gecos);
+