Bug#247029: ITP: bastet -- GPL'd clone of Tetris, featuring a bastard tetris level
On Sun, May 02, 2004 at 04:53:59PM -0500, David Moreno Garza wrote:
> Bastet (stands for "bastard tetris") is a free (GPL'd) clone of Tetris(r)
> (built on the top of petris by Peter Seidler) which is designed to be
> "as bastard as possible": it tries to compute how useful blocks are and
> gives you the worst, the most bastard it can find.
I still believe that tetris is the best game ever invented and this
is evil!
If you're planning on making this setuid(games) to take advantage
of the shared highscore please apply the following patch, which guards
against the 'getenv("USER");' overflow.
Steve
--
# Debian Security Audit Project
http://www.shellcode.org/Audit/
--- highscore.c-orig 2004-05-02 23:54:11.000000000 +0100
+++ highscore.c 2004-05-02 23:55:25.000000000 +0100
@@ -69,12 +69,14 @@
/* Move entries one position down starting at index. */
for (i = SIZE_HS_LIST - 1; i > index; i--) {
- strcpy(hs_list[i].name, hs_list[i-1].name);
+ memset(hs_list[i].name,'\0',sizeof(hs_list[i].name)-1);
+ strncpy(hs_list[i].name, hs_list[i-1].name,sizeof(hs_list[i].name)-1);
hs_list[i].points = hs_list[i-1].points;
}
/* Insert new entry. */
- strcpy(hs_list[index].name, name);
+ memset(hs_list[index].name,'\0',sizeof(hs_list[index].name));
+ strncpy(hs_list[index].name, name,sizeof(hs_list[index].name)-1);
hs_list[index].points = points;
}
Reply to: