
Bug#176824: marked as done (xtrojka: Segfaults on excessive $HOME)



Your message dated Sun, 24 Aug 2003 13:53:54 +1000
with message-id <20030824035354.GA18154@regression.cyrius.com>
and subject line Removed
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 15 Jan 2003 09:54:39 +0000
>From steve@uk.intasys.com Wed Jan 15 03:54:37 2003
Return-path: <steve@uk.intasys.com>
Received: from anchor-post-30.mail.demon.net [194.217.242.88] 
	by master.debian.org with esmtp (Exim 3.12 1 (Debian))
	id 18YkEx-0003zv-00; Wed, 15 Jan 2003 03:53:43 -0600
Received: from futurama.intasys.com ([194.217.254.9] helo=smtp.intasys.com)
	by anchor-post-30.mail.demon.net with smtp (Exim 3.35 #1)
	id 18YkEw-000KrR-0U
	for submit@bugs.debian.org; Wed, 15 Jan 2003 09:53:42 +0000
Received: (qmail 12743 invoked from network); 15 Jan 2003 09:52:50 -0000
Received: from unknown (HELO steve.edi.intasys.com) (192.168.0.162)
  by futurama.edidmz.intasys.com with SMTP; 15 Jan 2003 09:52:50 -0000
Received: from steve by steve.edi.intasys.com with local (Exim 3.36 #1 (Debian))
	id 18YkDp-0005pb-00; Wed, 15 Jan 2003 09:52:33 +0000
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Steve Kemp <skx@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: xtrojka: Segfaults on excessive $HOME
X-Mailer: reportbug 2.10
Date: Wed, 15 Jan 2003 09:52:33 +0000
Message-Id: <E18YkDp-0005pb-00@steve.edi.intasys.com>
Sender: Steve Kemp <steve@steve.edi.intasys.com>
Delivered-To: submit@bugs.debian.org
X-Spam-Status: No, hits=-1.9 required=5.0
	tests=PATCH_CONTEXT_DIFF,SPAM_PHRASE_00_01
	version=2.41
X-Spam-Level: 

Package: xtrojka
Version: 123-19
Severity: normal
Tags: security upstream patch



Overview
--------

  xtrojka doesn't perform adequate bounds checking when using the contents
 of the environmental variable 'HOME'.  

  The game is installed in Debian unstable, stable, and testing setgid(games).
 This fault may allow privilege escalation.


Demonstration
-------------

steve@steve:~$ export HOME=`perl -e 'print "x" x 500'`
steve@steve:/home/steve$ xtrojka 
Warning: cannot create preferences
Warning: cannot open preferences
Warning: cannot write preferences
Segmentation fault


Fix
---

  The patch below fixes this issue.


Steve
---
www.steve.org.uk


*** preferences.c       Wed Jan 15 09:46:38 2003
--- preferences.c-orig  Wed Jan 15 09:45:06 2003
***************
*** 48,54 ****
                sprintf(prefsfile,"/tmp/%s", PREFSFILENAME);
                return;
        }
!       snprintf(prefsfile,sizeof(prefsfile)-1,"%s/%s", home, PREFSFILENAME);
  
        read_prefs();
  }
--- 48,54 ----
                sprintf(prefsfile,"/tmp/%s", PREFSFILENAME);
                return;
        }
!       sprintf(prefsfile,"%s/%s", home, PREFSFILENAME);
  
        read_prefs();
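
Review bot: the diff is generated in the reverse direction. The `***` side is preferences.c with the snprintf line and the `---` side is preferences.c-orig with the sprintf line, so applying it as posted would turn snprintf back into sprintf; regenerate it with the original file first, or apply it with patch -R. On the snprintf line itself, the return value is discarded, so an overlong $HOME is silently truncated and read_prefs() then runs against a truncated path; compare the result with sizeof(prefsfile) and bail out or fall back when it is greater or equal. sizeof(prefsfile) is only the buffer length if prefsfile is an array in this scope (the declaration is not in the hunk), and the -1 is not needed because snprintf already counts the terminating NUL within the size it is given.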


-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux steve 2.4.19-686 #1 Mon Nov 18 23:59:03 EST 2002 i686
Locale: LANG=C, LC_CTYPE=C

Versions of packages xtrojka depends on:
ii  libc6                         2.3.1-9    GNU C Library: Shared libraries an
ii  libxaw7                       4.2.1-4    X Athena widget set library
ii  xlibs                         4.2.1-4    X Window System client libraries

-- no debconf information
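
The bounded path construction discussed in the report above, as an added example that is not part of the original mail or of xtrojka's source. The helper name `build_prefs_path`, the buffer size and the value of `PREFSFILENAME` are assumptions; an overlong `$HOME` is rejected instead of being truncated.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PREFSFILENAME  ".xtrojka_prefs"  /* placeholder value (assumption) */
#define PREFS_PATH_MAX 256               /* assumed size of prefsfile */

/*
 * Hypothetical helper. Returns:
 *   0  path built under home
 *   1  home unset or empty, /tmp fallback used (as the code in the report does)
 *  -1  result would not fit; dst is left empty, never truncated
 */
static int build_prefs_path(char *dst, size_t dstlen, const char *home)
{
    int n;

    if (dstlen == 0)
        return -1;

    if (home == NULL || home[0] == '\0') {
        n = snprintf(dst, dstlen, "/tmp/%s", PREFSFILENAME);
        if (n < 0 || (size_t)n >= dstlen) {
            dst[0] = '\0';
            return -1;
        }
        return 1;
    }

    /* snprintf returns the length the full string needs; a value
     * >= dstlen means the output was cut short. */
    n = snprintf(dst, dstlen, "%s/%s", home, PREFSFILENAME);
    if (n < 0 || (size_t)n >= dstlen) {
        dst[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char prefsfile[PREFS_PATH_MAX];
    int rc = build_prefs_path(prefsfile, sizeof prefsfile, getenv("HOME"));

    if (rc < 0) {
        fputs("Warning: HOME too long, preferences disabled\n", stderr);
        return 1;
    }
    printf("%s (%s)\n", prefsfile, rc ? "fallback" : "home");
    return 0;
}
```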


---------------------------------------
Received: (at 176824-done) by bugs.debian.org; 24 Aug 2003 03:54:37 +0000
>From tbm@cyrius.com Sat Aug 23 22:54:35 2003
Return-path: <tbm@cyrius.com>
Received: from bangpath.uucico.de [195.71.9.197] 
	by master.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 19qlxb-0003Mi-00; Sat, 23 Aug 2003 22:54:35 -0500
Received: by bangpath.uucico.de (Postfix, from userid 10)
	id AE80F26B24; Sun, 24 Aug 2003 05:54:34 +0200 (CEST)
Received: by regression.cyrius.com (Postfix, from userid 1000)
	id 99C1C22D4A; Sun, 24 Aug 2003 04:53:54 +0100 (BST)
Date: Sun, 24 Aug 2003 13:53:54 +1000
From: Martin Michlmayr <tbm@cyrius.com>
To: 112376-done@bugs.debian.org, 176824-done@bugs.debian.org
Subject: Removed
Message-ID: <20030824035354.GA18154@regression.cyrius.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4i
Delivered-To: 176824-done@bugs.debian.org
X-Spam-Status: No, hits=-3.0 required=4.0
	tests=BAYES_01,USER_AGENT_MUTT
	version=2.53-bugs.debian.org_2003_8_17
X-Spam-Level: 
X-Spam-Checker-Version: SpamAssassin 2.53-bugs.debian.org_2003_8_17 (1.174.2.15-2003-03-30-exp)

This package has been removed from Debian unstable because it wasn't
maintained.

-- 
Martin Michlmayr
tbm@cyrius.com


