Diffstat (limited to 'games-strategy/freeciv/files/freeciv-2.0.8-DoS.patch')
-rw-r--r--games-strategy/freeciv/files/freeciv-2.0.8-DoS.patch26
1 files changed, 26 insertions, 0 deletions
diff --git a/games-strategy/freeciv/files/freeciv-2.0.8-DoS.patch b/games-strategy/freeciv/files/freeciv-2.0.8-DoS.patch
new file mode 100644
index 0000000..83a61dd
--- /dev/null
+++ b/games-strategy/freeciv/files/freeciv-2.0.8-DoS.patch
@@ -0,0 +1,26 @@
+--- trunk/server/unithand.c 2006/07/12 17:18:43 12065
++++ trunk/server/unithand.c 2006/07/16 12:15:25 12106
+@@ -1622,7 +1622,8 @@
+ struct tile *src_tile = map_pos_to_tile(packet->src_x, packet->src_y);
+ int i;
+
+- if (!punit || packet->length < 0 || punit->activity != ACTIVITY_IDLE) {
++ if (!punit || packet->length < 0 || punit->activity != ACTIVITY_IDLE
++ || packet->length > MAX_LEN_ROUTE) {
+ return;
+ }
+
+--- trunk/common/packets.c 2006/03/04 02:42:00 11710
++++ trunk/common/packets.c 2006/07/24 08:37:08 12146
+@@ -562,8 +562,11 @@
+ chunk->total_length, chunk->chunk_length);
+
+ if (chunk->total_length < 0
++ || chunk->chunk_length < 0
+ || chunk->total_length >= MAX_ATTRIBUTE_BLOCK
+ || chunk->offset < 0
++ || chunk->offset > chunk->total_length /* necessary check on 32 bit systems */
++ || chunk->chunk_length > chunk->total_length
+ || chunk->offset + chunk->chunk_length > chunk->total_length
+ || (chunk->offset != 0
+ && chunk->total_length != pplayer->attribute_block_buffer.length)) {
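Review bot: In the packets.c part, the comment `/* necessary check on 32 bit systems */` on the `chunk->offset > chunk->total_length` line undersells what the two added upper bounds do. Together with `chunk->chunk_length > chunk->total_length` they bound both operands before `chunk->offset + chunk->chunk_length` is evaluated, so that sum cannot wrap and slip past the final comparison. If these fields are plain `int` (their declarations are not visible here), the same reasoning holds on 64-bit builds, so I would reword the comment to something like `/* bound offset and chunk_length first so the sum below cannot overflow */`. In the unithand.c part an out-of-range `packet->length` is dropped with a bare `return;`, and a log line there would let a server operator see repeated malformed packets. Both enclosing functions start and end outside the hunk, so how the packets.c rejection branch reports the error cannot be seen from here.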