diff options
| author |   Michael Sterrett <mr_bones_@gentoo.org> | 2009-10-09 20:53:47 +0000 |
|---|---|---|
| committer | Michael Sterrett <mr_bones_@gentoo.org> | 2009-10-09 20:53:47 +0000 |
| commit | 6fb6c2e559f547bd2b7dc4c9586a4fef7bfb9b76 (patch) | |
| tree | 40852f5449f0bf345406ac91ecbad019266c4081 /games-strategy/dopewars/files | |
| parent | arm stable, bug #282290 (diff) | |
| download | gentoo-2-6fb6c2e559f547bd2b7dc4c9586a4fef7bfb9b76.tar.gz gentoo-2-6fb6c2e559f547bd2b7dc4c9586a4fef7bfb9b76.tar.bz2 gentoo-2-6fb6c2e559f547bd2b7dc4c9586a4fef7bfb9b76.zip | |
rev bump to get patch to fix Server DoS (bug #288295)
(Portage version: 2.1.6.13/cvs/Linux i686)
Diffstat (limited to 'games-strategy/dopewars/files')
| -rw-r--r-- | games-strategy/dopewars/files/dopewars-1.5.12-CVE-2009-3591.patch | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/games-strategy/dopewars/files/dopewars-1.5.12-CVE-2009-3591.patch b/games-strategy/dopewars/files/dopewars-1.5.12-CVE-2009-3591.patch new file mode 100644 index 000000000000..d657bf8744f1 --- /dev/null +++ b/games-strategy/dopewars/files/dopewars-1.5.12-CVE-2009-3591.patch @@ -0,0 +1,20 @@ +Patch for CVE-2009-3591 -- bug 288295. + +Fetched from upstream SVN: +http://dopewars.svn.sourceforge.net/viewvc/dopewars/dopewars/trunk/src/serverside.c?r1=1033&r2=1032&pathrev=1033 + +--- dopewars/trunk/src/serverside.c 2009/03/10 07:18:49 1032 ++++ dopewars/trunk/src/serverside.c 2009/10/05 04:11:32 1033 +@@ -504,6 +504,12 @@ + break; + case C_REQUESTJET: + i = atoi(Data); ++ /* Make sure value is within range */ ++ if (i < 0 || i >= NumLocation) { ++ dopelog(3, LF_SERVER, _("%s: DENIED jet to invalid location %s"), ++ GetPlayerName(Play), Data); ++ break; ++ } + if (Play->EventNum == E_FIGHT || Play->EventNum == E_FIGHTASK) { + if (CanRunHere(Play)) { + break; |