Bug#357645: teg: Remote DoS vulnerability
Package: teg
Severity: important
Tags: fixed-upstream upstream patch
The upstream patch is attached; I retrieved it with:
cvs -d:pserver:anonymous@cvs.sf.net:/cvsroot/teg login
cvs -d:pserver:anonymous@cvs.sf.net:/cvsroot/teg co .
cvs -d:pserver:anonymous@cvs.sf.net:/cvsroot/teg log |less
cvs -d:pserver:anonymous@cvs.sf.net:/cvsroot/teg diff -u -D '2006/03/16 21:59:34' -D 2006/03/15 teg/server/player.c
Debian patch will follow..
I don't know if this warrents a security upload, but I cc: them
anyway; this patch should also apply to sarge (player.c).
BTW, upstream authors, you should fix your copyright notice;
"copyright: gpl" doesn't make sense; the gpl is a license and not a
copyright holder.
----- Forwarded message from Davide Puricelli <dpuricelli@tin.it> -----
X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on
webmin.steelfarms.net
X-Spam-Level:
X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=ham
version=3.1.0
Old-Return-Path: <dpuricelli@tin.it>
From: Davide Puricelli <dpuricelli@tin.it>
To: Wolfgang Morawetz <wolfgang.morawetz@gmx.at>
Cc: packages@qa.debian.org
Subject: Re: Remote DoS vulnerability in TEG
X-Operating-System: Linux gladstone.duckburg.org 2.6.15.4-gladstone1
X-Rc-Virus: 2005-11-10_01
X-Rc-Spam: 2006-03-13_01
Resent-Message-ID: <iNPUZD.A.gtC.6SEHEB@murphy>
Resent-From: debian-qa-packages@lists.debian.org
X-Mailing-List: <debian-qa-packages@lists.debian.org> archive/latest/12390
List-Id: <debian-qa-packages.lists.debian.org>
List-Post: <mailto:debian-qa-packages@lists.debian.org>
List-Help: <mailto:debian-qa-packages-request@lists.debian.org?subject=help>
List-Subscribe: <mailto:debian-qa-packages-request@lists.debian.org?subject=subscribe>
List-Unsubscribe: <mailto:debian-qa-packages-request@lists.debian.org?subject=unsubscribe>
Resent-Sender: debian-qa-packages-request@lists.debian.org
Resent-Date: Sat, 18 Mar 2006 11:34:51 -0600 (CST)
On Fri, Mar 17, 2006 at 02:57:17PM +0100, Wolfgang Morawetz wrote:
> Hi,
> i will inform you about a remote DOS vulnerability in TEG
> The fix is in CVS.
Hi, I orphaned the teg package some months ago, therefore I'm forwarding
your email to our Quality Assurance group, thanks anyway!
Regards,
--
Davide Puricelli, dpuricelli@tin.it
Debian Developer: evo@debian.org | http://www.debian.org
Time looked like snow dropping silently into a black room -- Ray Bradbury
----- End forwarded message -----
Index: teg/server/player.c
===================================================================
RCS file: /cvsroot/teg/teg/server/player.c,v
retrieving revision 1.7
retrieving revision 1.6
diff -u -r1.7 -r1.6
--- teg/server/player.c 16 Mar 2006 21:59:34 -0000 1.7
+++ teg/server/player.c 14 Mar 2006 16:47:00 -0000 1.6
@@ -1,4 +1,4 @@
-/* $Id: player.c,v 1.7 2006/03/16 21:59:34 nordi Exp $ */
+/* $Id: player.c,v 1.6 2006/03/14 16:47:00 nordi Exp $ */
/* Tenes Empanadas Graciela
*
* Copyright (C) 2000 Ricardo Quesada
@@ -596,16 +596,16 @@
strip_invalid(new_name);
if( player_findbyname(new_name,&pJ_new) == TEG_STATUS_SUCCESS && pJ_new->estado != PLAYER_STATUS_DESCONECTADO ) {
- /* that name is already registered, assign a new name dynamically */
+ /* that name is already registered, assign a new name dinamically */
int n = strlen(new_name);
if( n < sizeof(pJ->name) - 2 ) {
new_name[n] = '_';
player_fillname( pJ, new_name );
} else {
- if( new_name[n-1] < '0' || new_name[n-1] > '9' )
- new_name[n-1]='0';
+ if( new_name[n] < '0' || new_name[n] > '9' )
+ new_name[n]='0';
else
- new_name[n-1]++;
+ new_name[n]++;
player_fillname( pJ, new_name );
}
}
Reply to: